Lista CVE 2025/22xxx

CVE nel gruppo: 22xxx

CVE-2025-22152 (N/A)

CVE-2025-22153 (Improper Path Validation Enables Path Traversal in Multiple Components in Atheos)

CVE-2025-22204 (try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter)

CVE-2025-22205 (Extension – regularlabs.com – Remote code execution vulnerability in the Sourcerer extensions < 12.0.0 for Joomla)

CVE-2025-22206 (Extension – admiror-design-studio.com – Path traversal in the Admiror Gallery 4.x component for Joomla)

CVE-2025-22207 (Extension – joomsky.com – SQL injection in JS jobs component version 1.1.5 – 1.4.2 for Joomla)

CVE-2025-22208 ([20250201] – Core – SQL injection vulnerability in Scheduled Tasks component)

CVE-2025-22209 (Extension – joomsky.com – SQL injection in JS jobs component version 1.1.5 – 1.4.3 for Joomla)

CVE-2025-22210 (Extension – joomsky.com – SQL injection in JS jobs component version 1.1.5 – 1.4.3 for Joomla)

CVE-2025-22211 (Extension – hikashop.com – SQL injection in Hikashop component version 3.3.0 – 5.1.4 for Joomla)

CVE-2025-22212 (Extension – webdesigner-profi.de – SQL injection in JoomShopping component version 1.0.0 – 5.5.5 for Joomla)

CVE-2025-22213 (Extension – tassos.gr – SQL injection in Convert Forms component version 1.0.0-1.0.0 – 4.4.9 for Joomla)

CVE-2025-22214 ([20250301] – Core – Malicious file uploads via Media Manager)

CVE-2025-22215 (N/A)

CVE-2025-22216 (VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215))

CVE-2025-22217 (CVE-2025-22216 UAA Missing Zone Validation)

CVE-2025-22218 (N/A)

CVE-2025-22219 (VMware Aria Operations for Logs information disclosure vulnerability)

CVE-2025-22220 (VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219))

CVE-2025-22221 (VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220))

CVE-2025-22222 (VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221))

CVE-2025-22223 (VMware Aria Operations information disclosure vulnerability (CVE-2025-22222))

CVE-2025-22224 (N/A)

CVE-2025-22225 (N/A)

CVE-2025-22226 (N/A)

CVE-2025-22228 (N/A)

CVE-2025-22230 (CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length)

CVE-2025-22231 (Authentication bypass vulnerability)

CVE-2025-22260 (VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231))

CVE-2025-22261 (WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability)

CVE-2025-22262 (WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-22264 (WordPress Bonjour Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-22265 (WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-22267 (WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability)

CVE-2025-22270 (WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-22271 (Stored XSS in CyberArk Endpoint Privilege Manager)

CVE-2025-22272 (IP Spoofing in CyberArk Endpoint Privilege Manager)

CVE-2025-22273 (Self Reflected XSS in CyberArk Endpoint Privilege Manager)

CVE-2025-22274 (Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager)

CVE-2025-22275 (HTML injection in CyberArk Endpoint Privilege Manager)