Lista CVE 2025/22xxx

CVE nel gruppo: 22xxx

CVE-2025-22129 (N/A)

CVE-2025-22130 (Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap)

CVE-2025-22131 (Soft Serve allows path traversal attacks)

CVE-2025-22132 (Cross-Site Scripting (XSS) vulnerability in generateNavigation() function)

CVE-2025-22133 (WeGIA has a Cross-Site Scripting (XSS) in File Upload Field)

CVE-2025-22134 (WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE))

CVE-2025-22136 (heap-buffer-overflow with visual mode in Vim < 9.1.1003)

CVE-2025-22137 (Tabby has a TCC Bypass via Misconfigured Node Fuses)

CVE-2025-22138 (Arbitrary File Overwrite via HTTP POST in Pingvin Share)

CVE-2025-22139 (Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel)

CVE-2025-22140 (WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg`)

CVE-2025-22141 (WeGIA SQL Injection (Blind Time-Based) endpoint ‘dependente_listar_um.php’ parameter ‘id_dependente’)

CVE-2025-22142 (WeGIA SQL Injection (Blind Time-Based) endpoint ‘verificar_recursos_cargo.php’ parameter ‘cargo’)

CVE-2025-22143 (Cross-site Scripting in NamelessMC)

CVE-2025-22144 (WeGIA Cross-Site Scripting (XSS) Reflected endpoint ‘listar_permissoes.php’ parameter ‘msg_e’)

CVE-2025-22145 (Account Takeover in NamelessMC)

CVE-2025-22146 (Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale)

CVE-2025-22149 (Improper authentication on SAML SSO process allows user impersonation in sentry)

CVE-2025-22150 (JWK Set’s HTTP client only overwrites and appends JWK to local cache during refresh)

CVE-2025-22151 (Undici Uses Insufficiently Random Values)