CVE List - 2025 / February
Showing 501 - 600 of 3676 CVEs for February 2025 (Page 6 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-36556 | 2025-02-06 | Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. |
| CVE-2024-36557 | 2025-02-06 | The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to... |
| CVE-2024-36558 | 2025-02-06 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication. |
| CVE-2024-39033 | 2025-02-06 | In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen. |
| CVE-2024-48589 | 2025-02-06 | Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php |
| CVE-2024-53586 | 2025-02-06 | An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can... |
| CVE-2024-54909 | 2025-02-06 | A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. |
| CVE-2024-55241 | 2025-02-06 | An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component. |
| CVE-2024-56889 | 2025-02-06 | Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter. |
| CVE-2024-57392 | 2025-02-06 | Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a... |
| CVE-2024-57426 | 2025-02-06 | NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This... |
| CVE-2024-57427 | 2025-02-06 | PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft... |
| CVE-2024-57428 | 2025-02-06 | A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate).... |
| CVE-2024-57429 | 2025-02-06 | A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an... |
| CVE-2024-57430 | 2025-02-06 | An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to... |
| CVE-2024-57523 | 2025-02-06 | Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin... |
| CVE-2024-57599 | 2025-02-06 | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php |
| CVE-2024-57609 | 2025-02-06 | An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function. |
| CVE-2024-57610 | 2025-02-06 | A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service... |
| CVE-2024-57668 | 2025-02-06 | In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. |
| CVE-2024-57672 | 2025-02-06 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. |
| CVE-2024-57673 | 2025-02-06 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module |
| CVE-2025-22936 | 2025-02-06 | An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi... |
| CVE-2025-22992 | 2025-02-06 | A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter,... |
| CVE-2025-23093 | 2025-02-06 | The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due... |
| CVE-2025-23094 | 2025-02-06 | The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated... |
| CVE-2024-49814 | 2025-02-06 | IBM Security Verify Access Appliance Privilege Escalation |
| CVE-2024-51450 | 2025-02-06 | IBM Security Verify Directory Command Execution |
| CVE-2025-0799 | 2025-02-06 | IBM App Connect Enterprise Arbitrary File Write |
| CVE-2024-51547 | 2025-02-06 | Credentials Disclosure - keys |
| CVE-2025-0522 | 2025-02-06 | LikeBot – Decentralized like-system <= 0.85 - Admin+ Stored XSS via CSRF |
| CVE-2024-13487 | 2025-02-06 | CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function |
| CVE-2025-22890 | 2025-02-06 | Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product... |
| CVE-2025-22894 | 2025-02-06 | Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows... |
| CVE-2025-20094 | 2025-02-06 | Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows... |
| CVE-2025-23236 | 2025-02-06 | Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running... |
| CVE-2025-24483 | 2025-02-06 | NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system where the... |
| CVE-2025-24845 | 2025-02-06 | Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific... |
| CVE-2025-0859 | 2025-02-06 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function |
| CVE-2024-45626 | 2025-02-06 | Apache James: denial of service through JMAP HTML to text conversion |
| CVE-2024-37358 | 2025-02-06 | Apache James: denial of service through the use of IMAP literals |
| CVE-2025-0982 | 2025-02-06 | Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine) |
| CVE-2024-57954 | 2025-02-06 | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-57955 | 2025-02-06 | Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-57956 | 2025-02-06 | Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-57957 | 2025-02-06 | Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-12602 | 2025-02-06 | Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-57958 | 2025-02-06 | Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-57959 | 2025-02-06 | Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-57960 | 2025-02-06 | Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-57961 | 2025-02-06 | Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2024-57962 | 2025-02-06 | Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-1076 | 2025-02-06 | Stored Cross-Site Scripting vulnerability in Holded |
| CVE-2024-24911 | 2025-02-06 | Out of Bounds read in the CPCA process on Check Point Management Server |
| CVE-2025-1074 | 2025-02-06 | Webkul QloApps URL mylogout cross-site request forgery |
| CVE-2023-5878 | 2025-02-06 | OneWireless command injection possible when updating firmware |
| CVE-2022-31764 | 2025-02-06 | Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC |
| CVE-2025-0994 | 2025-02-06 | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a... |
| CVE-2024-13614 | 2025-02-06 | Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows... |
| CVE-2024-43779 | 2025-02-06 | An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled,... |
| CVE-2024-39272 | 2025-02-06 | A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker... |
| CVE-2025-22866 | 2025-02-06 | Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec |
| CVE-2025-1078 | 2025-02-06 | AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization |
| CVE-2025-22867 | 2025-02-06 | Arbitrary code execution during build on darwin in cmd/go |
| CVE-2025-24981 | 2025-02-06 | Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc |
| CVE-2025-23217 | 2025-02-06 | Mitmweb API Authentication Bypass Using Proxy Server |
| CVE-2025-24787 | 2025-02-06 | Parameter injection in DB connection URIs leading to local file inclusion in WhoDB |
| CVE-2025-24786 | 2025-02-06 | Path traversal opening Sqlite3 database in WhoDB |
| CVE-2024-13416 | 2025-02-06 | Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS,... |
| CVE-2024-13417 | 2025-02-06 | Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an... |
| CVE-2024-47256 | 2025-02-06 | Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data... |
| CVE-2024-47258 | 2025-02-06 | 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently... |
| CVE-2024-52892 | 2025-02-06 | IBM Jazz for Service Management Cross-Site Scripting |
| CVE-2024-54171 | 2025-02-06 | IBM EntireX XML external entity injection |
| CVE-2024-56467 | 2025-02-06 | IBM EntireX information disclosure |
| CVE-2025-1081 | 2025-02-06 | Bharti Airtel Xstream Fiber WiFi Password weak credentials |
| CVE-2025-0158 | 2025-02-06 | IBM EntireX denial of service |
| CVE-2025-1004 | 2025-02-06 | Certain HP LaserJet Pro Printers – Potential Denial of Service |
| CVE-2025-1082 | 2025-02-06 | Mindskip xzs-mysql 学之思开源考试系统 Exam Edit edit cross site scripting |
| CVE-2025-21404 | 2025-02-06 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-21267 | 2025-02-06 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-21279 | 2025-02-06 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-21177 | 2025-02-06 | Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability |
| CVE-2025-21253 | 2025-02-06 | Microsoft Edge for IOS and Android Spoofing Vulnerability |
| CVE-2025-21283 | 2025-02-06 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-21408 | 2025-02-06 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-21342 | 2025-02-06 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-1083 | 2025-02-06 | Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy |
| CVE-2025-1084 | 2025-02-06 | Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery |
| CVE-2025-0674 | 2025-02-06 | Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel |
| CVE-2025-0675 | 2025-02-06 | Elber Communications Equipment Hidden Functionality |
| CVE-2024-35106 | 2025-02-07 | NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution... |
| CVE-2024-48091 | 2025-02-07 | Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. |
| CVE-2024-52881 | 2025-02-07 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such... |
| CVE-2024-52882 | 2025-02-07 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code... |
| CVE-2024-52883 | 2025-02-07 | An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication. |
| CVE-2024-52884 | 2025-02-07 | An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is... |
| CVE-2024-55213 | 2025-02-07 | Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. |
| CVE-2024-55214 | 2025-02-07 | Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. |
| CVE-2024-55215 | 2025-02-07 | An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. |