CVE List - 2025 / February
Showing 1701 - 1800 of 3678 CVEs for February 2025 (Page 18 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-26773 | 2025-02-17 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability |
| CVE-2025-26775 | 2025-02-17 | WordPress BEAR Plugin <= 1.1.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26778 | 2025-02-17 | WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23840 | 2025-02-17 | WordPress WP-NOTCAPTCHA Plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23845 | 2025-02-17 | WordPress ImageMeta Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-0714 | 2025-02-17 | Insecure storage of sensitive information in MobaXTerm <25.0. |
| CVE-2025-21103 | 2025-02-17 | Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions... |
| CVE-2025-1391 | 2025-02-17 | Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims |
| CVE-2024-13879 | 2025-02-17 | Stream <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery |
| CVE-2025-1392 | 2025-02-17 | D-Link DIR-816 index.html cross site scripting |
| CVE-2025-25055 | 2025-02-17 | Authentication bypass by spoofing issue exists in FileMegane versions above... |
| CVE-2025-20075 | 2025-02-17 | Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above... |
| CVE-2021-46686 | 2025-02-17 | Improper neutralization of special elements used in an OS command... |
| CVE-2022-41545 | 2025-02-18 | The administrative web interface of a Netgear C7800 Router running... |
| CVE-2024-39327 | 2025-02-18 | Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1... |
| CVE-2024-39328 | 2025-02-18 | Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0.... |
| CVE-2024-50608 | 2025-02-18 | An issue was discovered in Fluent Bit 3.1.9. When the... |
| CVE-2024-50609 | 2025-02-18 | An issue was discovered in Fluent Bit 3.1.9. When the... |
| CVE-2024-51505 | 2025-02-18 | An issue was discovered in Atos Eviden IDRA before 2.7.1.... |
| CVE-2024-55460 | 2025-02-18 | A time-based SQL injection vulnerability in the login page of... |
| CVE-2024-56171 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free... |
| CVE-2024-56882 | 2025-02-18 | Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting... |
| CVE-2024-56883 | 2025-02-18 | Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control.... |
| CVE-2024-57045 | 2025-02-18 | A vulnerability in the D-Link DIR-859 router with firmware version... |
| CVE-2024-57046 | 2025-02-18 | A vulnerability in the Netgear DGN2200 router with firmware version... |
| CVE-2024-57049 | 2025-02-18 | A vulnerability in the TP-Link Archer c20 router with firmware... |
| CVE-2024-57050 | 2025-02-18 | A vulnerability in the TP-Link WR840N v6 router with firmware... |
| CVE-2024-57055 | 2025-02-18 | Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could... |
| CVE-2024-57056 | 2025-02-18 | Incorrect cookie session handling in WombatDialer before 25.02 results in... |
| CVE-2024-57254 | 2025-02-18 | An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1... |
| CVE-2024-57255 | 2025-02-18 | An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1... |
| CVE-2024-57256 | 2025-02-18 | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1... |
| CVE-2024-57257 | 2025-02-18 | A stack consumption issue in sqfs_size in Das U-Boot before... |
| CVE-2024-57258 | 2025-02-18 | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1... |
| CVE-2024-57259 | 2025-02-18 | sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error... |
| CVE-2025-22919 | 2025-02-18 | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers... |
| CVE-2025-22920 | 2025-02-18 | A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c... |
| CVE-2025-22921 | 2025-02-18 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via... |
| CVE-2025-24928 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based... |
| CVE-2025-25467 | 2025-02-18 | Insufficient tracking and releasing of allocated used memory in libx264... |
| CVE-2025-25468 | 2025-02-18 | FFmpeg git-master before commit d5873b was discovered to contain a... |
| CVE-2025-25469 | 2025-02-18 | FFmpeg git-master before commit d5873b was discovered to contain a... |
| CVE-2025-25471 | 2025-02-18 | FFmpeg git master before commit fd1772 was discovered to contain... |
| CVE-2025-25472 | 2025-02-18 | A buffer overflow in DCMTK git master v3.6.9+ DEV allows... |
| CVE-2025-25473 | 2025-02-18 | FFmpeg git master before commit c08d30 was discovered to contain... |
| CVE-2025-25474 | 2025-02-18 | DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow... |
| CVE-2025-25475 | 2025-02-18 | A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK... |
| CVE-2025-25891 | 2025-02-18 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01,... |
| CVE-2025-25892 | 2025-02-18 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01... |
| CVE-2025-25893 | 2025-02-18 | An OS command injection vulnerability was discovered in D-Link DSL-3782... |
| CVE-2025-25894 | 2025-02-18 | An OS command injection vulnerability was discovered in D-Link DSL-3782... |
| CVE-2025-25895 | 2025-02-18 | An OS command injection vulnerability was discovered in D-Link DSL-3782... |
| CVE-2025-25896 | 2025-02-18 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01... |
| CVE-2025-26058 | 2025-02-18 | Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection.... |
| CVE-2025-27113 | 2025-02-18 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL... |
| CVE-2025-25221 | 2025-02-18 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and... |
| CVE-2025-25222 | 2025-02-18 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and... |
| CVE-2025-25223 | 2025-02-18 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and... |
| CVE-2025-25224 | 2025-02-18 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and... |
| CVE-2024-13741 | 2025-02-18 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery |
| CVE-2024-13740 | 2025-02-18 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure |
| CVE-2025-1390 | 2025-02-18 | pam_cap: Fix potential configuration parsing error |
| CVE-2024-13522 | 2025-02-18 | magayo Lottery Results <= 2.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13587 | 2025-02-18 | Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13581 | 2025-02-18 | Simple Charts <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13538 | 2025-02-18 | BigBuy Dropshipping Connector for WooCommerce <= 1.9.19 - Unauthenticated Full Path Disclosute |
| CVE-2025-0805 | 2025-02-18 | Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13578 | 2025-02-18 | WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13684 | 2025-02-18 | Reset <= 1.6 - Cross-Site Request Forgery to Database Reset |
| CVE-2024-13501 | 2025-02-18 | WP-FormAssembly <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13595 | 2025-02-18 | Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-13579 | 2025-02-18 | WP-Asambleas <= 2.85.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0796 | 2025-02-18 | Mortgage Lead Capture System <= 8.2.10 - Cross-Site Request Forgery to Settings Reset |
| CVE-2024-12813 | 2025-02-18 | Open Hours – Easy Opening Hours <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13540 | 2025-02-18 | WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Dsiclosure |
| CVE-2024-13577 | 2025-02-18 | CATS Job Listings <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13852 | 2025-02-18 | Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-13588 | 2025-02-18 | Simplebooklet PDF Viewer and Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12525 | 2025-02-18 | Easy MLS Listings Import <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13725 | 2025-02-18 | Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-13576 | 2025-02-18 | Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13535 | 2025-02-18 | Actionwear products sync <= 2.3.0 - Unauthenticated Full Patch Disclosure |
| CVE-2024-12314 | 2025-02-18 | Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning |
| CVE-2024-13573 | 2025-02-18 | Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13687 | 2025-02-18 | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13848 | 2025-02-18 | Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-13622 | 2025-02-18 | File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13555 | 2025-02-18 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.1 - Cross-Site Request Forgery to Backup Process Cancellation |
| CVE-2024-13677 | 2025-02-18 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
| CVE-2024-13565 | 2025-02-18 | Simple Map No Api <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2024-13464 | 2025-02-18 | Library Bookshelves <= 5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13609 | 2025-02-18 | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.1 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php |
| CVE-2024-13582 | 2025-02-18 | Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-45320 | 2025-02-18 | Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier,... |
| CVE-2024-13438 | 2025-02-18 | SpeedSize Image & Video AI-Optimizer <= 1.5.1 - Cross-Site Request Forgery to Clear Cache |
| CVE-2024-13556 | 2025-02-18 | Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection |
| CVE-2024-13315 | 2025-02-18 | Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-57963 | 2025-02-18 | Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER |
| CVE-2024-57964 | 2025-02-18 | Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program |
| CVE-2024-13523 | 2025-02-18 | MemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |