Lista CVE 2025/27xxx

CVE nel gruppo: 27xxx

CVE-2025-27000 (N/A)

CVE-2025-27001 (WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability)

CVE-2025-27012 (WordPress Shipmondo plugin <= 5.0.3 - Authenticated Arbitrary WordPress Option Disclosure vulnerability)

CVE-2025-27013 (WordPress A1POST.BG Shipping for Woo plugin <= 1.5.1 - CSRF to Privilege Escalation vulnerability)

CVE-2025-27014 (WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability)

CVE-2025-27015 (WordPress Hostiko Theme < 30.1 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-27016 (WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability)

CVE-2025-27017 (WordPress Drivr Lite – Google Drive Plugin plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability)

CVE-2025-27018 (Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record)

CVE-2025-27080 (Apache Airflow MySQL Provider: SQL injection in MySQL provider core function)

CVE-2025-27088 (Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface)

CVE-2025-27089 (Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy)

CVE-2025-27090 (Overlapping policies allow update to non-allowed fields in directus)

CVE-2025-27091 (Server-Side Request Forgery (SSRF) in sliver teamserver)

CVE-2025-27092 (OpenH264 Decoding Functions Heap Overflow Vulnerability)

CVE-2025-27094 (Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint)

CVE-2025-27095 (Tuleap allows default values to be cleared from field configuration)

CVE-2025-27096 (JumpServer has a Kubernetes Token Leak Vulnerability)

CVE-2025-27097 (SQL Injection endpoint ‘html/personalizacao_upload.php’ parameter ‘id_campo’ in WeGIA)

CVE-2025-27098 (Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation)