CVE List 2025/1xxx

CVEs in group: 1xxx

CVE-2025-1063 (N/A)

CVE-2025-1064 (Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure)

CVE-2025-1065 (Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode)

CVE-2025-1066 (Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File)

CVE-2025-1067 (CVE-2025-1066)

CVE-2025-1068 (There is a code injection vulnerability in ArcGIS Pro)

CVE-2025-1070 (There is a code injection vulnerability in Esri ArcGIS AllSource)

CVE-2025-1071 (N/A)

CVE-2025-1072 (WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module)

CVE-2025-1074 (Allocation of Resources Without Limits or Throttling in GitLab)

CVE-2025-1075 (Webkul QloApps URL mylogout cross-site request forgery)

CVE-2025-1076 (LDAP credentials logged to Apache error log)

CVE-2025-1077 (Stored Cross-Site Scripting vulnerability in Holded)

CVE-2025-1078 (Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather))

CVE-2025-1080 (AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization)

CVE-2025-1081 (Macro URL arbitrary script execution)

CVE-2025-1082 (Bharti Airtel Xstream Fiber WiFi Password weak credentials)

CVE-2025-1083 (Mindskip xzs-mysql 学之思开源考试系统 Exam Edit edit cross site scripting)

CVE-2025-1084 (Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy)

CVE-2025-1085 (Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery)

CVE-2025-1086 (Animati PACS login cross site scripting)

CVE-2025-1091 (Safetytest Cloud-Master Server static path traversal)

CVE-2025-1094 (Broken Authorization Schema)

CVE-2025-1096 (PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation)

CVE-2025-1097 (N/A)

CVE-2025-1098 (ingress-nginx controller – configuration injection via unsanitized auth-tls-match-cn annotation)

CVE-2025-1099 (ingress-nginx controller – configuration injection via unsanitized mirror annotations)

CVE-2025-1100 (Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera)

CVE-2025-1101 (N/A)

CVE-2025-1102 (N/A)

CVE-2025-1103 (N/A)

CVE-2025-1104 (D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference)

CVE-2025-1105 (D-Link DHP-W310AV authentication spoofing)

CVE-2025-1106 (SiberianCMS HTTP GET Request flat cross site scripting)

CVE-2025-1107 (CmsEasy database_admin.php restore_action path traversal)

CVE-2025-1108 (Unverified password change vulnerability in Janto)

CVE-2025-1113 (Insufficient data authenticity vulnerability in Janto)

CVE-2025-1114 (taisan tarzan-cms Add Theme admin#themes upload deserialization)

CVE-2025-1115 (newbee-mall Add Category Page save cross site scripting)

CVE-2025-1116 (RT-Thread lwp_syscall.c sys_timer_settime information disclosure)

CVE-2025-1117 (Dreamvention Live AJAX Search Free live_search.searchresults search sql injection)

CVE-2025-1118 (CoinRemitter sql injection)

CVE-2025-1119 (Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled)

CVE-2025-1121 (Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution)

CVE-2025-1125 (Privilege Escalation via modified recovery Image)

CVE-2025-1126 (Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write)

CVE-2025-1127 (Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC).)

CVE-2025-1128 (Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server)

CVE-2025-1132 (Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion)

CVE-2025-1133 (SQL Injection in ChurchCRM EN_tyid Parameter via EditEventAttendees.php)

CVE-2025-1134 (SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php)

CVE-2025-1135 (SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php)

CVE-2025-1143 (SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php)

CVE-2025-1144 (Billion Electric M120N – Use of Hard-coded Credentials)

CVE-2025-1145 (Quanxun School Affairs System – Exposure of Sensitive Information)

CVE-2025-1146 (NetVision Information ISOinsight – Reflected Cross-site Scripting)

CVE-2025-1147 (CrowdStrike Falcon Sensor for Linux TLS Issue)

CVE-2025-1148 (GNU Binutils nm nm.c internal_strlen buffer overflow)

CVE-2025-1149 (GNU Binutils ld ldelfgen.c link_order_scan memory leak)

CVE-2025-1150 (GNU Binutils ld xmalloc.c xstrdup memory leak)