CVE List - 2025 / February
Showing 701 - 800 of 3676 CVEs for February 2025 (Page 8 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-24980 | 2025-02-07 | User enumeration in pimcore/admin-ui-classic-bundle |
| CVE-2025-25183 | 2025-02-07 | vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache |
| CVE-2025-24366 | 2025-02-07 | Insufficient sanitization of user provided rsync command in SFTPGo |
| CVE-2025-1113 | 2025-02-07 | taisan tarzan-cms Add Theme admin#themes upload deserialization |
| CVE-2024-55630 | 2025-02-07 | DOM Clobbering leads to temporary DOS in the note viewer in Joplin |
| CVE-2025-24028 | 2025-02-07 | Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin |
| CVE-2025-1114 | 2025-02-07 | newbee-mall Add Category Page save cross site scripting |
| CVE-2025-25187 | 2025-02-07 | Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin |
| CVE-2025-1115 | 2025-02-08 | RT-Thread lwp_syscall.c sys_timer_settime information disclosure |
| CVE-2025-1116 | 2025-02-08 | Dreamvention Live AJAX Search Free live_search.searchresults search sql injection |
| CVE-2024-13850 | 2025-02-08 | Simple add pages or posts <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2025-1117 | 2025-02-08 | CoinRemitter sql injection |
| CVE-2024-54176 | 2025-02-08 | IBM UrbanCode Deploy missing authentication |
| CVE-2025-0316 | 2025-02-08 | WP Directorybox Manager <= 2.5 - Authentication Bypass |
| CVE-2025-0169 | 2025-02-08 | DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13440 | 2025-02-09 | Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting |
| CVE-2024-57949 | 2025-02-09 | irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() |
| CVE-2025-21684 | 2025-02-09 | gpio: xilinx: Convert gpio_lock to raw spinlock |
| CVE-2025-21685 | 2025-02-09 | platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race |
| CVE-2024-42512 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. |
| CVE-2024-42513 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. |
| CVE-2024-46429 | 2025-02-10 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. |
| CVE-2024-46430 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a... |
| CVE-2024-46431 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. |
| CVE-2024-46432 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration... |
| CVE-2024-46433 | 2025-02-10 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. |
| CVE-2024-46434 | 2025-02-10 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. |
| CVE-2024-46435 | 2025-02-10 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability... |
| CVE-2024-46436 | 2025-02-10 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. |
| CVE-2024-46437 | 2025-02-10 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded... |
| CVE-2024-48170 | 2025-02-10 | PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. |
| CVE-2024-54954 | 2025-02-10 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. |
| CVE-2024-57177 | 2025-02-10 | A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible... |
| CVE-2024-57178 | 2025-02-10 | An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application.... |
| CVE-2024-57407 | 2025-02-10 | An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-57408 | 2025-02-10 | An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-57409 | 2025-02-10 | A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2025-1099 | 2025-02-10 | Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera |
| CVE-2025-25247 | 2025-02-10 | Apache Felix Webconsole: XSS in services console |
| CVE-2025-1175 | 2025-02-10 | Cross-Site Scripting (XSS) vulnerability in Kelio Visio |
| CVE-2024-8684 | 2025-02-10 | OS Command Injection vulnerability in Revolution Pi |
| CVE-2024-8685 | 2025-02-10 | Path-Traversal vulnerability in Revolution Pi |
| CVE-2025-1147 | 2025-02-10 | GNU Binutils nm nm.c internal_strlen buffer overflow |
| CVE-2025-1193 | 2025-02-10 | Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a... |
| CVE-2024-11621 | 2025-02-10 | Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are :... |
| CVE-2025-1148 | 2025-02-10 | GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| CVE-2025-1149 | 2025-02-10 | GNU Binutils ld xmalloc.c xstrdup memory leak |
| CVE-2024-10334 | 2025-02-10 | Camera passwords stored in clear text |
| CVE-2024-11831 | 2025-02-10 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript |
| CVE-2024-12133 | 2025-02-10 | Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos |
| CVE-2024-12243 | 2025-02-10 | Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos |
| CVE-2025-24031 | 2025-02-10 | PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN |
| CVE-2025-24032 | 2025-02-10 | PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`) |
| CVE-2025-24892 | 2025-02-10 | OpenProject stored HTML injection vulnerability |
| CVE-2025-25186 | 2025-02-10 | Net::IMAP vulnerable to possible DoS by memory exhaustion |
| CVE-2024-57950 | 2025-02-10 | drm/amd/display: Initialize denominator defaults to 1 |
| CVE-2025-21687 | 2025-02-10 | vfio/platform: check the bounds of read/write syscalls |
| CVE-2025-21688 | 2025-02-10 | drm/v3d: Assign job pointer to NULL before signaling the fence |
| CVE-2025-21689 | 2025-02-10 | USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() |
| CVE-2025-21690 | 2025-02-10 | scsi: storvsc: Ratelimit warning logs to prevent VM denial of service |
| CVE-2025-21691 | 2025-02-10 | cachestat: fix page cache statistics permission checking |
| CVE-2025-21692 | 2025-02-10 | net: sched: fix ets qdisc OOB Indexing |
| CVE-2025-21693 | 2025-02-10 | mm: zswap: properly synchronize freeing resources during CPU hotunplug |
| CVE-2025-1150 | 2025-02-10 | GNU Binutils ld libbfd.c bfd_malloc memory leak |
| CVE-2025-1151 | 2025-02-10 | GNU Binutils ld xmemdup.c xmemdup memory leak |
| CVE-2025-25188 | 2025-02-10 | DNSSEC validation may accept broken authentication chains |
| CVE-2025-1152 | 2025-02-10 | GNU Binutils ld xstrdup.c xstrdup memory leak |
| CVE-2024-54658 | 2025-02-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing... |
| CVE-2024-27859 | 2025-02-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content... |
| CVE-2024-13011 | 2025-02-10 | WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload |
| CVE-2024-13010 | 2025-02-10 | WP Foodbakery <= 4.7 - Reflected Cross-Site Scripting |
| CVE-2024-8550 | 2025-02-10 | Local File Inclusion (LFI) in modelscope/agentscope |
| CVE-2024-10649 | 2025-02-10 | Unauthenticated File Upload in wandb/openui |
| CVE-2024-13059 | 2025-02-10 | Path Traversal in mintplex-labs/anything-llm |
| CVE-2025-1153 | 2025-02-10 | GNU Binutils format.c bfd_set_format memory corruption |
| CVE-2025-24200 | 2025-02-10 | An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on... |
| CVE-2025-24016 | 2025-02-10 | Remote code execution in Wazuh server |
| CVE-2025-1154 | 2025-02-10 | xxyopen Novel books sql injection |
| CVE-2025-1155 | 2025-02-10 | Webkul QloApps Your Location Search stores cross site scripting |
| CVE-2025-1156 | 2025-02-10 | Pix Software Vivaz servlet sql injection |
| CVE-2025-1002 | 2025-02-10 | MicroDicom DICOM Viewer Improper Certificate Validation |
| CVE-2025-1157 | 2025-02-10 | Allims lab.online model_recuperar_senha.php sql injection |
| CVE-2025-1158 | 2025-02-10 | ESAFENET CDG addPolicyToSafetyGroup.jsp sql injection |
| CVE-2025-24970 | 2025-02-10 | SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine |
| CVE-2025-1159 | 2025-02-10 | CampCodes School Management Software academic-calendar cross site scripting |
| CVE-2025-25193 | 2025-02-10 | Denial of Service attack on windows app using Netty |
| CVE-2025-25189 | 2025-02-10 | [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script |
| CVE-2025-25190 | 2025-02-10 | [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server |
| CVE-2025-25194 | 2025-02-10 | Server-Side Request Forgery (SSRF) in activitypub_federation |
| CVE-2025-1160 | 2025-02-10 | SourceCodester Employee Management System index.php default credentials |
| CVE-2025-1162 | 2025-02-10 | code-projects Job Recruitment load_user-profile.php sql injection |
| CVE-2025-1163 | 2025-02-10 | code-projects Vehicle Parking Management System Authentication login stack-based overflow |
| CVE-2022-35202 | 2025-02-11 | A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests.... |
| CVE-2022-37660 | 2025-02-11 | In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the... |
| CVE-2024-33469 | 2025-02-11 | An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. |
| CVE-2024-44336 | 2025-02-11 | An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. |
| CVE-2024-51324 | 2025-02-11 | An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack. |
| CVE-2024-54772 | 2025-02-11 | An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18.... |
| CVE-2024-54916 | 2025-02-11 | An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode... |
| CVE-2024-55212 | 2025-02-11 | DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. |