CVE List - 2025 / February
Showing 701 - 800 of 3678 CVEs for February 2025 (Page 8 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41528 | 2025-02-07 | Improper authorization related to Import / Export interfaces on RISC Platform |
| CVE-2025-24980 | 2025-02-07 | User enumeration in pimcore/admin-ui-classic-bundle |
| CVE-2025-25183 | 2025-02-07 | vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache |
| CVE-2025-24366 | 2025-02-07 | Insufficient sanitization of user provided rsync command in SFTPGo |
| CVE-2025-1113 | 2025-02-07 | taisan tarzan-cms Add Theme admin#themes upload deserialization |
| CVE-2024-55630 | 2025-02-07 | DOM Clobbering leads to temporary DOS in the note viewer in Joplin |
| CVE-2025-24028 | 2025-02-07 | Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin |
| CVE-2025-1114 | 2025-02-07 | newbee-mall Add Category Page save cross site scripting |
| CVE-2025-25187 | 2025-02-07 | Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin |
| CVE-2025-1115 | 2025-02-08 | RT-Thread lwp_syscall.c sys_timer_settime information disclosure |
| CVE-2025-1116 | 2025-02-08 | Dreamvention Live AJAX Search Free live_search.searchresults search sql injection |
| CVE-2024-13850 | 2025-02-08 | Simple add pages or posts <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2025-1117 | 2025-02-08 | CoinRemitter sql injection |
| CVE-2024-54176 | 2025-02-08 | IBM UrbanCode Deploy missing authentication |
| CVE-2025-0316 | 2025-02-08 | WP Directorybox Manager <= 2.5 - Authentication Bypass |
| CVE-2025-0169 | 2025-02-08 | DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13440 | 2025-02-09 | Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting |
| CVE-2024-57949 | 2025-02-09 | irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() |
| CVE-2025-21684 | 2025-02-09 | gpio: xilinx: Convert gpio_lock to raw spinlock |
| CVE-2025-21685 | 2025-02-09 | platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race |
| CVE-2024-42512 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158... |
| CVE-2024-42513 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158... |
| CVE-2024-46429 | 2025-02-10 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated... |
| CVE-2024-46430 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized... |
| CVE-2024-46431 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker... |
| CVE-2024-46432 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An... |
| CVE-2024-46433 | 2025-02-10 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated... |
| CVE-2024-46434 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web... |
| CVE-2024-46435 | 2025-02-10 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web... |
| CVE-2024-46436 | 2025-02-10 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers... |
| CVE-2024-46437 | 2025-02-10 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625)... |
| CVE-2024-48170 | 2025-02-10 | PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting... |
| CVE-2024-54954 | 2025-02-10 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability... |
| CVE-2024-57177 | 2025-02-10 | A host header injection vulnerability exists in the NPM package... |
| CVE-2024-57178 | 2025-02-10 | An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending... |
| CVE-2024-57407 | 2025-02-10 | An arbitrary file upload vulnerability in the component /userPicture of... |
| CVE-2024-57408 | 2025-02-10 | An arbitrary file upload vulnerability in the component /comm/upload of... |
| CVE-2024-57409 | 2025-02-10 | A stored cross-site scripting (XSS) vulnerability in the Parameter List... |
| CVE-2025-1099 | 2025-02-10 | Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera |
| CVE-2025-25247 | 2025-02-10 | Apache Felix Webconsole: XSS in services console |
| CVE-2025-1175 | 2025-02-10 | Cross-Site Scripting (XSS) vulnerability in Kelio Visio |
| CVE-2024-8684 | 2025-02-10 | OS Command Injection vulnerability in Revolution Pi |
| CVE-2024-8685 | 2025-02-10 | Path-Traversal vulnerability in Revolution Pi |
| CVE-2025-1147 | 2025-02-10 | GNU Binutils nm nm.c internal_strlen buffer overflow |
| CVE-2025-1193 | 2025-02-10 | Improper host validation in the certificate validation component in Devolutions... |
| CVE-2024-11621 | 2025-02-10 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS,... |
| CVE-2025-1148 | 2025-02-10 | GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| CVE-2025-1149 | 2025-02-10 | GNU Binutils ld xmalloc.c xstrdup memory leak |
| CVE-2024-10334 | 2025-02-10 | Camera passwords stored in clear text |
| CVE-2024-11831 | 2025-02-10 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript |
| CVE-2024-12133 | 2025-02-10 | Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos |
| CVE-2024-12243 | 2025-02-10 | Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos |
| CVE-2025-24031 | 2025-02-10 | PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN |
| CVE-2025-24032 | 2025-02-10 | PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`) |
| CVE-2025-24892 | 2025-02-10 | OpenProject stored HTML injection vulnerability |
| CVE-2025-25186 | 2025-02-10 | Net::IMAP vulnerable to possible DoS by memory exhaustion |
| CVE-2024-57950 | 2025-02-10 | drm/amd/display: Initialize denominator defaults to 1 |
| CVE-2025-21687 | 2025-02-10 | vfio/platform: check the bounds of read/write syscalls |
| CVE-2025-21688 | 2025-02-10 | drm/v3d: Assign job pointer to NULL before signaling the fence |
| CVE-2025-21689 | 2025-02-10 | USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() |
| CVE-2025-21690 | 2025-02-10 | scsi: storvsc: Ratelimit warning logs to prevent VM denial of service |
| CVE-2025-21691 | 2025-02-10 | cachestat: fix page cache statistics permission checking |
| CVE-2025-21692 | 2025-02-10 | net: sched: fix ets qdisc OOB Indexing |
| CVE-2025-21693 | 2025-02-10 | mm: zswap: properly synchronize freeing resources during CPU hotunplug |
| CVE-2025-1150 | 2025-02-10 | GNU Binutils ld libbfd.c bfd_malloc memory leak |
| CVE-2025-1151 | 2025-02-10 | GNU Binutils ld xmemdup.c xmemdup memory leak |
| CVE-2025-25188 | 2025-02-10 | DNSSEC validation may accept broken authentication chains |
| CVE-2025-1152 | 2025-02-10 | GNU Binutils ld xstrdup.c xstrdup memory leak |
| CVE-2024-54658 | 2025-02-10 | The issue was addressed with improved memory handling. This issue... |
| CVE-2024-27859 | 2025-02-10 | The issue was addressed with improved memory handling. This issue... |
| CVE-2024-13011 | 2025-02-10 | WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload |
| CVE-2024-13010 | 2025-02-10 | WP Foodbakery <= 4.7 - Reflected Cross-Site Scripting |
| CVE-2024-8550 | 2025-02-10 | Local File Inclusion (LFI) in modelscope/agentscope |
| CVE-2024-10649 | 2025-02-10 | Unauthenticated File Upload in wandb/openui |
| CVE-2024-13059 | 2025-02-10 | Path Traversal in mintplex-labs/anything-llm |
| CVE-2025-1153 | 2025-02-10 | GNU Binutils format.c bfd_set_format memory corruption |
| CVE-2025-24200 | 2025-02-10 | An authorization issue was addressed with improved state management. This... |
| CVE-2025-24016 | 2025-02-10 | Remote code execution in Wazuh server |
| CVE-2025-1154 | 2025-02-10 | xxyopen Novel books sql injection |
| CVE-2025-1155 | 2025-02-10 | Webkul QloApps Your Location Search stores cross site scripting |
| CVE-2025-1156 | 2025-02-10 | Pix Software Vivaz servlet sql injection |
| CVE-2025-1002 | 2025-02-10 | MicroDicom DICOM Viewer Improper Certificate Validation |
| CVE-2025-1157 | 2025-02-10 | Allims lab.online model_recuperar_senha.php sql injection |
| CVE-2025-1158 | 2025-02-10 | ESAFENET CDG addPolicyToSafetyGroup.jsp sql injection |
| CVE-2025-24970 | 2025-02-10 | SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine |
| CVE-2025-1159 | 2025-02-10 | CampCodes School Management Software academic-calendar cross site scripting |
| CVE-2025-25193 | 2025-02-10 | Denial of Service attack on windows app using Netty |
| CVE-2025-25189 | 2025-02-10 | [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script |
| CVE-2025-25190 | 2025-02-10 | [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server |
| CVE-2025-25194 | 2025-02-10 | Server-Side Request Forgery (SSRF) in activitypub_federation |
| CVE-2025-1160 | 2025-02-10 | SourceCodester Employee Management System index.php default credentials |
| CVE-2025-1162 | 2025-02-10 | code-projects Job Recruitment load\_user-profile.php sql injection |
| CVE-2025-1163 | 2025-02-10 | code-projects Vehicle Parking Management System Authentication login stack-based overflow |
| CVE-2022-35202 | 2025-02-11 | A security issue in Sitevision version 10.3.1 and older allows... |
| CVE-2022-37660 | 2025-02-11 | In hostapd 2.10 and earlier, the PKEX code remains active... |
| CVE-2024-33469 | 2025-02-11 | An issue in Team Amaze Amaze File Manager v.3.8.5 and... |
| CVE-2024-44336 | 2025-02-11 | An issue in AnkiDroid Android Application v2.17.6 allows attackers to... |
| CVE-2024-51324 | 2025-02-11 | An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083... |
| CVE-2024-54772 | 2025-02-11 | An issue was discovered in the Winbox service of MikroTik... |
| CVE-2024-54916 | 2025-02-11 | An issue in the SharedConfig class of Telegram Android APK... |