CVE List 2025/1xxx

CVEs in group: 1xxx

CVE-2025-1022 (N/A)

CVE-2025-1023 (N/A)

CVE-2025-1024 (SQL Injection in ChurchCRM newCountName Parameter via EditEventTypes.php)

CVE-2025-1025 (Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter)

CVE-2025-1026 (N/A)

CVE-2025-1028 (N/A)

CVE-2025-1035 (Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload)

CVE-2025-1039 (Path Traversal in Komtera Technologies’ KLog Server)

CVE-2025-1040 (Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field)

CVE-2025-1042 (Server-Side Template Injection (SSTI) in significant-gravitas/autogpt)

CVE-2025-1043 (Files or Directories Accessible to External Parties in GitLab)

CVE-2025-1044 (Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode)

CVE-2025-1052 (Logsign Unified SecOps Platform Authentication Bypass Vulnerability)

CVE-2025-1053 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability)

CVE-2025-1057 (Brocade SANnav encryption key is logged in the debug logs)

CVE-2025-1058 (Keylime: keylime registrar dos due to incompatible database entry handling)

CVE-2025-1059 (N/A)

CVE-2025-1060 (N/A)

CVE-2025-1061 (N/A)

CVE-2025-1062 (Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider)

CVE-2025-1063 (Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS)

CVE-2025-1064 (Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure)

CVE-2025-1065 (Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode)

CVE-2025-1066 (Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File)

CVE-2025-1067 (CVE-2025-1066)

CVE-2025-1068 (There is a code injection vulnerability in ArcGIS Pro)

CVE-2025-1070 (There is a code injection vulnerability in Esri ArcGIS AllSource)

CVE-2025-1071 (N/A)

CVE-2025-1072 (WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module)

CVE-2025-1074 (Allocation of Resources Without Limits or Throttling in GitLab)

CVE-2025-1075 (Webkul QloApps URL mylogout cross-site request forgery)

CVE-2025-1076 (LDAP credentials logged to Apache error log)

CVE-2025-1077 (Stored Cross-Site Scripting vulnerability in Holded)

CVE-2025-1078 (Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather))

CVE-2025-1080 (AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization)

CVE-2025-1081 (Macro URL arbitrary script execution)

CVE-2025-1082 (Bharti Airtel Xstream Fiber WiFi Password weak credentials)

CVE-2025-1083 (Mindskip xzs-mysql 学之思开源考试系统 Exam Edit edit cross site scripting)

CVE-2025-1084 (Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy)

CVE-2025-1085 (Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery)