CVE List - 2025 / February
Showing 2001 - 2100 of 3678 CVEs for February 2025 (Page 21 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-37363 | 2025-02-19 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2025-0112 | 2025-02-19 | Cortex XDR Agent: Local Windows User Can Disable the Agent |
| CVE-2023-51306 | 2025-02-20 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored... |
| CVE-2023-51308 | 2025-02-20 | PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple... |
| CVE-2023-51309 | 2025-02-20 | A lack of rate limiting in the 'Email Settings' feature... |
| CVE-2023-51310 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password', 'Email... |
| CVE-2023-51311 | 2025-02-20 | PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV... |
| CVE-2023-51312 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site... |
| CVE-2023-51313 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection... |
| CVE-2023-51314 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password', 'Email... |
| CVE-2023-51315 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored... |
| CVE-2023-51316 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51317 | 2025-02-20 | PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML... |
| CVE-2023-51318 | 2025-02-20 | PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored... |
| CVE-2023-51319 | 2025-02-20 | PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV Injection... |
| CVE-2023-51320 | 2025-02-20 | PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV... |
| CVE-2023-51321 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51323 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51324 | 2025-02-20 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV... |
| CVE-2023-51325 | 2025-02-20 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple... |
| CVE-2023-51326 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51327 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51330 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site... |
| CVE-2023-51331 | 2025-02-20 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection... |
| CVE-2023-51332 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51333 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection... |
| CVE-2023-51334 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2023-51335 | 2025-02-20 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored... |
| CVE-2023-51336 | 2025-02-20 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV... |
| CVE-2023-51337 | 2025-02-20 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site... |
| CVE-2023-51338 | 2025-02-20 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple... |
| CVE-2023-51339 | 2025-02-20 | A lack of rate limiting in the 'Forgot Password' feature... |
| CVE-2024-46933 | 2025-02-20 | An issue was discovered in Atos Eviden BullSequana XH2140 BMC... |
| CVE-2024-54756 | 2025-02-20 | A remote code execution (RCE) vulnerability in the ZScript function... |
| CVE-2024-54958 | 2025-02-20 | Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting... |
| CVE-2024-54959 | 2025-02-20 | Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery... |
| CVE-2024-54960 | 2025-02-20 | A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a... |
| CVE-2024-54961 | 2025-02-20 | Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows... |
| CVE-2024-55457 | 2025-02-20 | MasterSAM Star Gate 11 is vulnerable to directory traversal via... |
| CVE-2024-57401 | 2025-02-20 | SQL Injection vulnerability in Uniclare Student portal v.2 and before... |
| CVE-2024-57716 | 2025-02-20 | An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker... |
| CVE-2025-22973 | 2025-02-20 | An issue in QiboSoft QiboCMS X1.0 allows a remote attacker... |
| CVE-2025-23020 | 2025-02-20 | An issue was discovered in Kwik before 0.10.1. A hash... |
| CVE-2025-24946 | 2025-02-20 | The hash table used to manage connections in picoquic before... |
| CVE-2025-24947 | 2025-02-20 | A hash collision vulnerability (in the hash table used to... |
| CVE-2025-25662 | 2025-02-20 | Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in... |
| CVE-2025-25663 | 2025-02-20 | A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is... |
| CVE-2025-25664 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow... |
| CVE-2025-25667 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow... |
| CVE-2025-25668 | 2025-02-20 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow... |
| CVE-2025-25674 | 2025-02-20 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in... |
| CVE-2025-25675 | 2025-02-20 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located... |
| CVE-2025-25676 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow... |
| CVE-2025-25678 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow... |
| CVE-2025-25679 | 2025-02-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow... |
| CVE-2025-25957 | 2025-02-20 | Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows... |
| CVE-2025-25958 | 2025-02-20 | Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote... |
| CVE-2025-25960 | 2025-02-20 | Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote... |
| CVE-2025-25968 | 2025-02-20 | DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper... |
| CVE-2025-25973 | 2025-02-20 | A stored Cross Site Scripting vulnerability in the "related recommendations"... |
| CVE-2025-26304 | 2025-02-20 | A memory leak has been identified in the parseSWF_EXPORTASSETS function... |
| CVE-2025-26305 | 2025-02-20 | A memory leak has been identified in the parseSWF_SOUNDINFO function... |
| CVE-2025-26306 | 2025-02-20 | A memory leak has been identified in the readSizedString function... |
| CVE-2025-26307 | 2025-02-20 | A memory leak has been identified in the parseSWF_IMPORTASSETS2 function... |
| CVE-2025-26308 | 2025-02-20 | A memory leak has been identified in the parseSWF_FILTERLIST function... |
| CVE-2025-26309 | 2025-02-20 | A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function... |
| CVE-2025-26310 | 2025-02-20 | Multiple memory leaks have been identified in the ABC file... |
| CVE-2025-26311 | 2025-02-20 | Multiple memory leaks have been identified in the clip actions... |
| CVE-2025-27218 | 2025-02-20 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before... |
| CVE-2025-1222 | 2025-02-20 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data |
| CVE-2025-1223 | 2025-02-20 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data |
| CVE-2025-1293 | 2025-02-20 | HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass |
| CVE-2025-1492 | 2025-02-20 | Uncontrolled Recursion in Wireshark |
| CVE-2024-49355 | 2025-02-20 | IBM OpenPages log manipulation |
| CVE-2024-43196 | 2025-02-20 | IBM OpenPages data manipulation |
| CVE-2024-49782 | 2025-02-20 | IBM OpenPages improper certificate validation |
| CVE-2024-49780 | 2025-02-20 | IBM OpenPages path traversal |
| CVE-2024-13445 | 2025-02-20 | Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-26856 | 2025-02-20 | Improper neutralization of special elements used in an OS command... |
| CVE-2024-13155 | 2025-02-20 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget |
| CVE-2024-13888 | 2025-02-20 | WPMobile.App <= 11.56 - Open Redirect via 'redirect' Parameter |
| CVE-2025-1064 | 2025-02-20 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode |
| CVE-2025-0897 | 2025-02-20 | Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode |
| CVE-2025-1483 | 2025-02-20 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2024-13520 | 2025-02-20 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.6 - Missing Authorization to Unauthenticated Price, Date, and Note Updates |
| CVE-2024-6432 | 2025-02-20 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter |
| CVE-2024-13849 | 2025-02-20 | Cookie Notice Bar <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-13748 | 2025-02-20 | Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter |
| CVE-2024-13789 | 2025-02-20 | Ravpage <= 2.31 - PHP Object Injection |
| CVE-2025-0866 | 2025-02-20 | Legoeso PDF Manager <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter |
| CVE-2024-13753 | 2025-02-20 | Ultimate Classified Listings <= 1.4 - Cross-Site Request Forgery to Account Takeover |
| CVE-2024-13476 | 2025-02-20 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.11 - Unauthenticated SQL Injection |
| CVE-2024-13855 | 2025-02-20 | Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode |
| CVE-2024-13802 | 2025-02-20 | Bandsintown Events <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13792 | 2025-02-20 | WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids |
| CVE-2025-1328 | 2025-02-20 | Typed JS: A typewriter style animation <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via typespeed Parameter |
| CVE-2025-1043 | 2025-02-20 | Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode |
| CVE-2025-0868 | 2025-02-20 | Remote Code Execution in DocsGPT |
| CVE-2025-21106 | 2025-02-20 | Dell Recover Point for Virtual Machines 6.0.X contains a Weak... |
| CVE-2024-49781 | 2025-02-20 | IBM OpenPages XML external entity injection |