Lista CVE 2025/24xxx

CVE nel gruppo: 24xxx

CVE-2025-24001 (N/A)

CVE-2025-24010 (WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability)

CVE-2025-24011 (Vite allows any websites to send any requests to the development server and read the response)

CVE-2025-24012 (Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes)

CVE-2025-24013 (Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability)

CVE-2025-24014 (CodeIgniter validation of header name and value)

CVE-2025-24016 (segmentation fault in win_line() in Vim < 9.1.1043)

CVE-2025-24017 (Remote code execution in Wazuh server)

CVE-2025-24018 (YesWiki Vulnerable to Unauthenticated DOM Based XSS)

CVE-2025-24019 (YesWiki Vulnerable to Authenticated Stored XSS)

CVE-2025-24020 (YesWiki vulnerable to authenticated arbitrary file deletion)

CVE-2025-24023 (WeGIA Open Redirect vulnerability)

CVE-2025-24024 (Observable Response Discrepancy in flask-appbuilder)

CVE-2025-24025 (Mjolnir v1.9.0 accepts commands from any room)

CVE-2025-24027 (Coolify Vulnerable to Reflected XSS on Tag Search)

CVE-2025-24028 (ps_contactinfo has potential XSS due to usage of the nofilter tag in template)

CVE-2025-24029 (Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin)

CVE-2025-24030 (Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap)

CVE-2025-24031 (Envoy Admin Interface Exposed through prometheus metrics endpoint)

CVE-2025-24032 (PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN)