CVE List - 2025 / February
Showing 2501 - 2600 of 3676 CVEs for February 2025 (Page 26 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-27110 | 2025-02-25 | Libmodsecurity3 has possible bypass of encoded HTML entities |
| CVE-2025-27142 | 2025-02-25 | LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands |
| CVE-2025-27146 | 2025-02-25 | Matrix IRC Bridge allows IRC command injection to own puppeted user |
| CVE-2024-0148 | 2025-02-25 | NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted... |
| CVE-2025-27148 | 2025-02-25 | Gradle vulnerable to local privilege escalation through system temporary directory |
| CVE-2024-53870 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A... |
| CVE-2024-53871 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A... |
| CVE-2024-53872 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A... |
| CVE-2024-53873 | 2025-02-25 | NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful... |
| CVE-2024-53874 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A... |
| CVE-2024-53875 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A... |
| CVE-2024-53876 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A... |
| CVE-2024-53877 | 2025-02-25 | NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a user could cause a NULL pointer exception by passing a malformed ELF file to nvdisasm.... |
| CVE-2024-27245 | 2025-02-25 | Zoom Workplace Apps and SDKs - Buffer Overflow |
| CVE-2024-27246 | 2025-02-25 | Zoom Workplace Apps and SDKs - Use After Free |
| CVE-2024-27239 | 2025-02-25 | Zoom Workplace Apps and SDKs - Divide By Zero |
| CVE-2024-53878 | 2025-02-25 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A... |
| CVE-2024-53879 | 2025-02-25 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A... |
| CVE-2025-0514 | 2025-02-25 | Executable hyperlink Windows path targets executed unconditionally on activation |
| CVE-2025-22211 | 2025-02-25 | Extension - webdesigner-profi.de - SQL injection in JoomShopping component version 1.0.0 - 5.5.5 for Joomla |
| CVE-2024-30150 | 2025-02-25 | An unauthenticated privilege escalation vulnerability affects HCL MyCloud |
| CVE-2025-1091 | 2025-02-25 | Broken Authorization Schema |
| CVE-2025-0760 | 2025-02-25 | Stored Credential Disclosure Vulnerability |
| CVE-2024-46226 | 2025-02-26 | A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file... |
| CVE-2024-50684 | 2025-02-26 | SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app... |
| CVE-2024-50685 | 2025-02-26 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. |
| CVE-2024-50686 | 2025-02-26 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. |
| CVE-2024-50687 | 2025-02-26 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. |
| CVE-2024-50688 | 2025-02-26 | SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud use the same MQTT credentials for exchanging the device telemetry. |
| CVE-2024-50689 | 2025-02-26 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model. |
| CVE-2024-50691 | 2025-02-26 | SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud... |
| CVE-2024-50693 | 2025-02-26 | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model. |
| CVE-2024-50696 | 2025-02-26 | SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with... |
| CVE-2024-52925 | 2025-02-26 | In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. |
| CVE-2024-53427 | 2025-02-26 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by... |
| CVE-2024-53573 | 2025-02-26 | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}. |
| CVE-2024-55581 | 2025-02-26 | When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's... |
| CVE-2024-57040 | 2025-02-26 | TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical... |
| CVE-2024-57423 | 2025-02-26 | A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. |
| CVE-2025-25462 | 2025-02-26 | A SQL Injection vulnerability in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter. |
| CVE-2025-25783 | 2025-02-26 | An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2025-25784 | 2025-02-26 | An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2025-25785 | 2025-02-26 | JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request. |
| CVE-2025-25789 | 2025-02-26 | FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php. |
| CVE-2025-25790 | 2025-02-26 | An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2025-25791 | 2025-02-26 | An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2025-25792 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. |
| CVE-2025-25793 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. |
| CVE-2025-25794 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. |
| CVE-2025-25796 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. |
| CVE-2025-25797 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. |
| CVE-2025-25799 | 2025-02-26 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. |
| CVE-2025-25800 | 2025-02-26 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. |
| CVE-2025-25802 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. |
| CVE-2025-25813 | 2025-02-26 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. |
| CVE-2025-25818 | 2025-02-26 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php. |
| CVE-2025-25823 | 2025-02-26 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php. |
| CVE-2025-25825 | 2025-02-26 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title in the article category... |
| CVE-2025-25827 | 2025-02-26 | A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. |
| CVE-2025-0889 | 2025-02-26 | Privilege Management for Windows – Elevation of Privilege |
| CVE-2025-22881 | 2025-02-26 | Heap-based Buffer Overflow in CNCSoft-G2 |
| CVE-2025-0234 | 2025-02-26 | Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver. |
| CVE-2021-47631 | 2025-02-26 | ARM: davinci: da850-evm: Avoid NULL pointer dereference |
| CVE-2021-47632 | 2025-02-26 | powerpc/set_memory: Avoid spinlock recursion in change_page_attr() |
| CVE-2021-47633 | 2025-02-26 | ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 |
| CVE-2021-47634 | 2025-02-26 | ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl |
| CVE-2021-47635 | 2025-02-26 | ubifs: Fix to add refcount once page is set private |
| CVE-2021-47636 | 2025-02-26 | ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() |
| CVE-2021-47637 | 2025-02-26 | ubifs: Fix deadlock in concurrent rename whiteout and inode writeback |
| CVE-2021-47638 | 2025-02-26 | ubifs: rename_whiteout: Fix double free for whiteout_ui->data |
| CVE-2021-47639 | 2025-02-26 | KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU |
| CVE-2021-47640 | 2025-02-26 | powerpc/kasan: Fix early region not updated correctly |
| CVE-2021-47641 | 2025-02-26 | video: fbdev: cirrusfb: check pixclock to avoid divide by zero |
| CVE-2021-47642 | 2025-02-26 | video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow |
| CVE-2021-47643 | 2025-02-26 | media: ir_toy: free before error exiting |
| CVE-2021-47644 | 2025-02-26 | media: staging: media: zoran: move videodev alloc |
| CVE-2021-47645 | 2025-02-26 | media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com |
| CVE-2021-47646 | 2025-02-26 | Revert "Revert "block, bfq: honor already-setup queue merges"" |
| CVE-2021-47647 | 2025-02-26 | clk: qcom: ipq8074: fix PCI-E clock oops |
| CVE-2021-47648 | 2025-02-26 | gpu: host1x: Fix a memory leak in 'host1x_remove()' |
| CVE-2021-47649 | 2025-02-26 | udmabuf: validate ubuf->pagecount |
| CVE-2021-47650 | 2025-02-26 | ASoC: soc-compress: prevent the potentially use of null pointer |
| CVE-2021-47651 | 2025-02-26 | soc: qcom: rpmpd: Check for null return of devm_kcalloc |
| CVE-2021-47652 | 2025-02-26 | video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() |
| CVE-2021-47653 | 2025-02-26 | media: davinci: vpif: fix use-after-free on driver unbind |
| CVE-2021-47654 | 2025-02-26 | samples/landlock: Fix path_list memory leak |
| CVE-2021-47655 | 2025-02-26 | media: venus: vdec: fixed possible memory leak issue |
| CVE-2021-47656 | 2025-02-26 | jffs2: fix use-after-free in jffs2_clear_xattr_subsystem |
| CVE-2021-47657 | 2025-02-26 | drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() |
| CVE-2022-49044 | 2025-02-26 | dm integrity: fix memory corruption when tag_size is less than digest size |
| CVE-2022-49046 | 2025-02-26 | i2c: dev: check return value when calling dev_set_name() |
| CVE-2022-49047 | 2025-02-26 | ep93xx: clock: Fix UAF in ep93xx_clk_register_gate() |
| CVE-2022-49048 | 2025-02-26 | ipv6: fix panic when forwarding a pkt with no in6 dev |
| CVE-2022-49049 | 2025-02-26 | mm/secretmem: fix panic when growing a memfd_secret |
| CVE-2022-49050 | 2025-02-26 | memory: renesas-rpc-if: fix platform-device leak in error path |
| CVE-2022-49051 | 2025-02-26 | net: usb: aqc111: Fix out-of-bounds accesses in RX fixup |
| CVE-2022-49052 | 2025-02-26 | mm: fix unexpected zeroed page mapping with zram swap |
| CVE-2022-49053 | 2025-02-26 | scsi: target: tcmu: Fix possible page UAF |
| CVE-2022-49054 | 2025-02-26 | Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests |
| CVE-2022-49055 | 2025-02-26 | drm/amdkfd: Check for potential null return of kmalloc_array() |