CVE List - 2025 / February
Showing 301 - 400 of 3676 CVEs for February 2025 (Page 4 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1017 | 2025-02-04 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough... |
| CVE-2025-1020 | 2025-02-04 | Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2025-1015 | 2025-02-04 | The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field.... |
| CVE-2025-0825 | 2025-02-04 | CRLF injection in Cpp-httplib |
| CVE-2025-22206 | 2025-02-04 | Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla |
| CVE-2025-22696 | 2025-02-04 | WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-22697 | 2025-02-04 | WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22699 | 2025-02-04 | WordPress Traveler Code plugin <= 3.1.0 - Unauthenticated Arbitrary SQL Execution vulnerability |
| CVE-2025-22700 | 2025-02-04 | WordPress Traveler Code plugin <= 3.1.0 - Subscriber+ Arbitrary SQL Execution vulnerability |
| CVE-2025-23645 | 2025-02-04 | WordPress Find Content IDs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24598 | 2025-02-04 | WordPress WP Mailster plugin <= 1.8.17.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24599 | 2025-02-04 | WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24602 | 2025-02-04 | WordPress WP24 Domain Check plugin <= 1.10.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24648 | 2025-02-04 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2.1 - Privilege Escalation vulnerability |
| CVE-2025-24677 | 2025-02-04 | WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-22641 | 2025-02-04 | WordPress FM Notification Bar plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22642 | 2025-02-04 | WordPress Dynamic Conditions plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22643 | 2025-02-04 | WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-22653 | 2025-02-04 | WordPress Music Press Pro plugin <=1.4.6 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22662 | 2025-02-04 | WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22664 | 2025-02-04 | WordPress Survey Maker Plugin <= 5.1.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22674 | 2025-02-04 | WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22675 | 2025-02-04 | WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22730 | 2025-02-04 | WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2025-22794 | 2025-02-04 | WordPress World Cup Predictor Plugin <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-23690 | 2025-02-04 | EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection |
| CVE-2024-9643 | 2025-02-04 | Four-Faith F3x36 Hidden Debug Credentials |
| CVE-2024-9644 | 2025-02-04 | Four-Faith F3x36 bapply.cgi Auth Bypass |
| CVE-2024-45659 | 2025-02-04 | IBM Security Verify Access information disclosure |
| CVE-2025-0364 | 2025-02-04 | BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE |
| CVE-2025-23058 | 2025-02-04 | Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface |
| CVE-2025-23059 | 2025-02-04 | Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager |
| CVE-2025-23060 | 2025-02-04 | Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM) |
| CVE-2025-25039 | 2025-02-04 | Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface |
| CVE-2024-48019 | 2025-02-04 | Apache Doris: allows admin users to read arbitrary files through the REST API |
| CVE-2025-24373 | 2025-02-04 | Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips |
| CVE-2025-0444 | 2025-02-04 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0445 | 2025-02-04 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0451 | 2025-02-04 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2025-24971 | 2025-02-04 | OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumpDrop |
| CVE-2025-24966 | 2025-02-04 | HTML Injection in reNgine |
| CVE-2025-24967 | 2025-02-04 | Stored XSS on Admin Panel When Deleting a User in reNgine |
| CVE-2025-24968 | 2025-02-04 | Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine |
| CVE-2025-0960 | 2025-02-04 | AutomationDirect C-more EA9 HMI Classic Buffer Overflow |
| CVE-2025-24964 | 2025-02-04 | Remote Code Execution when accessing a malicious website while Vitest API server is listening |
| CVE-2025-24963 | 2025-02-04 | Browser mode serves arbitrary files in vitest |
| CVE-2025-0630 | 2025-02-04 | Western Telematic Inc NPS Series, DSM Series, CPM Series External Control of File Name or Path |
| CVE-2025-0509 | 2025-02-04 | Signing Checks Bypass |
| CVE-2024-40700 | 2025-02-04 | IBM Security Verify Access cross-site scripting |
| CVE-2024-45658 | 2025-02-04 | IBM Security Verify Access information disclosure |
| CVE-2024-43187 | 2025-02-04 | IBM Security Verify Access information disclosure |
| CVE-2024-35138 | 2025-02-04 | IBM Security Verify Access cross-site request forgery |
| CVE-2024-45657 | 2025-02-04 | IBM Security Verify Access incorrect privilege assignment |
| CVE-2025-23023 | 2025-02-04 | Anonymous cache poisoning via request headers in Discourse |
| CVE-2025-22602 | 2025-02-04 | Stored DOM-based XSS (without CSP) via video placeholders in Discourse |
| CVE-2025-22601 | 2025-02-04 | Client Side Path Traversal using activate account route in Discourse |
| CVE-2024-56328 | 2025-02-04 | HTMLi(XSS without CSP) via Onebox urls in Discourse |
| CVE-2024-56197 | 2025-02-04 | Users can see other user's tagged PMs in Discourse |
| CVE-2024-55948 | 2025-02-04 | Anonymous cache poisoning via XHR requests in Discourse |
| CVE-2024-53994 | 2025-02-04 | Potential bypass of chat permissions in Discourse |
| CVE-2024-53851 | 2025-02-04 | Partial denial of service via inline oneboxes in Discourse |
| CVE-2024-53266 | 2025-02-04 | Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse |
| CVE-2024-8125 | 2025-02-04 | A remote code vulnerability has been discovered in OpenText™ Content Management. |
| CVE-2024-13723 | 2025-02-04 | Checkmk NagVis Remote Code Execution |
| CVE-2024-13722 | 2025-02-04 | Checkmk NagVis Reflected Cross-site Scripting |
| CVE-2024-11467 | 2025-02-04 | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate... |
| CVE-2023-40222 | 2025-02-04 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Heap-based Buffer Overflow |
| CVE-2023-39943 | 2025-02-04 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write |
| CVE-2024-11468 | 2025-02-04 | Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user... |
| CVE-2025-0413 | 2025-02-04 | Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability |
| CVE-2024-53965 | 2025-02-04 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-53964 | 2025-02-04 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-53966 | 2025-02-04 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-53963 | 2025-02-04 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-53962 | 2025-02-04 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2020-36084 | 2025-02-05 | SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field. |
| CVE-2024-48394 | 2025-02-05 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level... |
| CVE-2024-54853 | 2025-02-05 | A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that... |
| CVE-2024-57063 | 2025-02-05 | A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57064 | 2025-02-05 | A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. NOTE: the Supplier disputes this because... |
| CVE-2024-57065 | 2025-02-05 | A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57066 | 2025-02-05 | A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57067 | 2025-02-05 | A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57068 | 2025-02-05 | A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57069 | 2025-02-05 | A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57071 | 2025-02-05 | A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57072 | 2025-02-05 | A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57074 | 2025-02-05 | A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57075 | 2025-02-05 | A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57076 | 2025-02-05 | A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57077 | 2025-02-05 | The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties... |
| CVE-2024-57078 | 2025-02-05 | A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57079 | 2025-02-05 | A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57080 | 2025-02-05 | A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57081 | 2025-02-05 | A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57082 | 2025-02-05 | A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57084 | 2025-02-05 | A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57085 | 2025-02-05 | A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57086 | 2025-02-05 | A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-57520 | 2025-02-05 | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited... |