CVE List - 2025 / February
Showing 1501 - 1600 of 3678 CVEs for February 2025 (Page 16 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7052 | 2025-02-14 | Forminator < 1.38.3 - Admin+ Stored XSS |
| CVE-2024-9601 | 2025-02-14 | Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' |
| CVE-2025-22630 | 2025-02-14 | WordPress Widget Options Plugin <= 4.1.0 - Arbitrary Code Execution vulnerability |
| CVE-2025-1298 | 2025-02-14 | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to... |
| CVE-2024-13735 | 2025-02-14 | HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name |
| CVE-2024-52577 | 2025-02-14 | Apache Ignite: Possible RCE when deserializing incoming messages by the server node |
| CVE-2024-13791 | 2025-02-14 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function |
| CVE-2025-0821 | 2025-02-14 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter |
| CVE-2025-26522 | 2025-02-14 | Authentication Bypass Vulnerability in RupeeWeb trading platform |
| CVE-2025-26523 | 2025-02-14 | Insufficient Authorization Vulnerability in RupeeWeb trading platform |
| CVE-2025-26524 | 2025-02-14 | No Rate Limiting Vulnerability in RupeeWeb trading platform |
| CVE-2025-0867 | 2025-02-14 | Privilege Escalation in MEAC300 |
| CVE-2025-23428 | 2025-02-14 | WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23431 | 2025-02-14 | WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23474 | 2025-02-14 | WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23492 | 2025-02-14 | WordPress 淘宝客插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23523 | 2025-02-14 | WordPress HSS Embed Streaming Video plugin <= 3.23 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23525 | 2025-02-14 | WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23534 | 2025-02-14 | WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23568 | 2025-02-14 | WordPress WP Login Attempt Log plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23571 | 2025-02-14 | WordPress Internal Links Generator plugin <= 3.51 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23598 | 2025-02-14 | WordPress Recip.ly plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23646 | 2025-02-14 | WordPress Library Instruction Recorder plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23647 | 2025-02-14 | WordPress WP-Clap plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23648 | 2025-02-14 | WordPress AdsMiddle plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23650 | 2025-02-14 | WordPress Tidy.ro plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23651 | 2025-02-14 | WordPress Scroll Top plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23652 | 2025-02-14 | WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23653 | 2025-02-14 | WordPress Form To Online Booking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23655 | 2025-02-14 | WordPress Contact Form 7 – Paystack Add-on plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23657 | 2025-02-14 | WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23658 | 2025-02-14 | WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23742 | 2025-02-14 | WordPress Podamibe Twilio Private Call plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23748 | 2025-02-14 | WordPress Singsys -Awesome Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23750 | 2025-02-14 | WordPress Custom Widget Creator plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23751 | 2025-02-14 | WordPress Data Dash plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23766 | 2025-02-14 | WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2025-23771 | 2025-02-14 | WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability |
| CVE-2025-23786 | 2025-02-14 | WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23787 | 2025-02-14 | WordPress Easy Bet Plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23788 | 2025-02-14 | WordPress Easy Filter Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23789 | 2025-02-14 | WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23790 | 2025-02-14 | WordPress Easy Code Placement Plugin <= 18.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23851 | 2025-02-14 | WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23853 | 2025-02-14 | WordPress NoFollow Free plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23857 | 2025-02-14 | WordPress Essential WP Real Estate Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24554 | 2025-02-14 | WordPress AWcode Toolkit plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24558 | 2025-02-14 | WordPress CRM Perks plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24564 | 2025-02-14 | WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24565 | 2025-02-14 | WordPress WP2LEADS plugin <= 3.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24566 | 2025-02-14 | WordPress Intro Tour Tutorial DeepPresentation plugin <= 6.5.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24567 | 2025-02-14 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability |
| CVE-2025-24592 | 2025-02-14 | WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24607 | 2025-02-14 | WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability |
| CVE-2025-24614 | 2025-02-14 | WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24615 | 2025-02-14 | WordPress Analytics Cat Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24616 | 2025-02-14 | WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24617 | 2025-02-14 | WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24641 | 2025-02-14 | WordPress Better WishList API plugin <= 1.1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24699 | 2025-02-14 | WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24700 | 2025-02-14 | WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24688 | 2025-02-14 | WordPress WP Mailster Plugin <= 1.8.20.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24692 | 2025-02-14 | WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2024-52500 | 2025-02-14 | WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-22698 | 2025-02-14 | WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability |
| CVE-2025-22702 | 2025-02-14 | WordPress Photography theme <= 7.5.2 - Broken Access Control vulnerability |
| CVE-2025-22705 | 2025-02-14 | WordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23905 | 2025-02-14 | WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-13152 | 2025-02-14 | SQLi in BSS Software's Mobuy Online Machinery Monitoring Panel |
| CVE-2025-1071 | 2025-02-14 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module |
| CVE-2025-1239 | 2025-02-14 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List |
| CVE-2025-0178 | 2025-02-14 | WatchGaurd Firebox Host Header Injection Vulnerability |
| CVE-2024-12651 | 2025-02-14 | Sensitive Data Exposure in PTT Inc.'s HGS Mobile App |
| CVE-2024-56180 | 2025-02-14 | Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution |
| CVE-2024-52895 | 2025-02-14 | IBM i denial of service |
| CVE-2024-56477 | 2025-02-14 | IBM Power Hardware Management Console directory traversal |
| CVE-2024-56463 | 2025-02-14 | IBM QRadar SIEM cross-site scripting |
| CVE-2024-3220 | 2025-02-14 | Default mimetype known files writeable on Windows |
| CVE-2024-8893 | 2025-02-14 | Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd.... |
| CVE-2025-25204 | 2025-02-14 | `gh attestation verify` returns incorrect exit code during verification if no attestations are present |
| CVE-2025-25206 | 2025-02-14 | Incorrect input validation could allow an authenticated user to read sensitive information |
| CVE-2025-25295 | 2025-02-14 | Label Studio has a Path Traversal Vulnerability via image Field |
| CVE-2025-26506 | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege |
| CVE-2025-26507 | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege |
| CVE-2025-26508 | 2025-02-14 | Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege |
| CVE-2025-0503 | 2025-02-14 | Leaked User IDs and Metadata of Deleted DMs |
| CVE-2025-25296 | 2025-02-14 | Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint |
| CVE-2025-25297 | 2025-02-14 | Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint |
| CVE-2025-25304 | 2025-02-14 | Vega allows Cross-site Scripting via the vlSelectionTuples function |
| CVE-2025-25285 | 2025-02-14 | @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking |
| CVE-2025-25288 | 2025-02-14 | @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking |
| CVE-2025-25289 | 2025-02-14 | @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking |
| CVE-2025-25290 | 2025-02-14 | @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking |
| CVE-2025-0592 | 2025-02-14 | SICK Lector8xx and InspectorP8xx vulnerable for code execution |
| CVE-2024-31144 | 2025-02-14 | Xapi: Metadata injection attack against backup/restore functionality |
| CVE-2025-0593 | 2025-02-14 | SICK Lector8xx and InspectorP8xx vulnerable for code execution |
| CVE-2022-26083 | 2025-02-14 | Generation of weak initialization vector in an Intel(R) IPP Cryptography... |
| CVE-2022-28693 | 2025-02-14 | Unprotected alternative channel of return branch target prediction in some... |
| CVE-2025-21401 | 2025-02-14 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-10405 | 2025-02-14 | Weak TLS Ciphers on Brocade SANnav port 443 & 18082 |