CVE List 2025/2xxx

CVEs in group: 2xxx

CVE-2025-2047 (N/A)

CVE-2025-2048 (PHPGurukul Art Gallery Management System search.php cross site scripting)

CVE-2025-2049 (Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal)

CVE-2025-2050 (code-projects Blood Bank System AB+.php cross site scripting)

CVE-2025-2051 (PHPGurukul User Registration & Login and User Management System login.php sql injection)

CVE-2025-2052 (PHPGurukul Apartment Visitors Management System search-visitor.php sql injection)

CVE-2025-2053 (PHPGurukul Apartment Visitors Management System forgot-password.php sql injection)

CVE-2025-2054 (PHPGurukul Apartment Visitors Management System visitor-detail.php sql injection)

CVE-2025-2056 (code-projects Blood Bank Management System edit_state.php sql injection)

CVE-2025-2057 (WP Ghost <= 5.4.01 - Unauthenticated Limited File Read)

CVE-2025-2058 (PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection)

CVE-2025-2059 (PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection)

CVE-2025-2060 (PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection)

CVE-2025-2061 (PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection)

CVE-2025-2062 (code-projects Online Ticket Reservation System passenger.php cross site scripting)

CVE-2025-2063 (projectworlds Life Insurance Management System clientStatus.php sql injection)

CVE-2025-2064 (projectworlds Life Insurance Management System deleteNominee.php sql injection)

CVE-2025-2065 (projectworlds Life Insurance Management System deletePayment.php sql injection)

CVE-2025-2066 (projectworlds Life Insurance Management System editAgent.php sql injection)

CVE-2025-2067 (projectworlds Life Insurance Management System updateAgent.php sql injection)

CVE-2025-2071 (projectworlds Life Insurance Management System search.php sql injection)

CVE-2025-2072 (OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI)

CVE-2025-2074 (Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI)

CVE-2025-2076 (Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter)

CVE-2025-2077 (binlayerpress <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting)

CVE-2025-2078 (Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting)

CVE-2025-2079 (BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting)

CVE-2025-2080 (N/A)

CVE-2025-2081 (N/A)

CVE-2025-2084 (N/A)

CVE-2025-2085 (PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting)

CVE-2025-2086 (StarSea99 starsea-mall save cross site scripting)

CVE-2025-2087 (StarSea99 starsea-mall update cross site scripting)

CVE-2025-2088 (StarSea99 starsea-mall update cross site scripting)

CVE-2025-2089 (PHPGurukul Pre-School Enrollment System profile.php sql injection)

CVE-2025-2090 (StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control)

CVE-2025-2093 (PHPGurukul Pre-School Enrollment System Sub Admin add-subadmin.php access control)

CVE-2025-2094 (PHPGurukul Online Library Management System change-password.php password recovery)

CVE-2025-2095 (TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection)

CVE-2025-2096 (TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection)

CVE-2025-2097 (TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection)

CVE-2025-2098 (TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow)

CVE-2025-2103 (Dylib Hijacking in Fast CAD Reader)

CVE-2025-2104 (SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update)

CVE-2025-2106 (Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication)

CVE-2025-2107 (Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection)

CVE-2025-2108 (Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection)

CVE-2025-2109 (140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget)

CVE-2025-2110 (WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function)

CVE-2025-2112 (WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions)

CVE-2025-2113 (user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection)

CVE-2025-2114 (AT Software Solutions ATSVD Esqueceu a senha sql injection)

CVE-2025-2115 (Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization)

CVE-2025-2116 (zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload)

CVE-2025-2117 (Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery)

CVE-2025-2118 (Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection)

CVE-2025-2119 (Quantico Tecnologia PRMV Login Endpoint login.php sql injection)

CVE-2025-2120 (Thinkware Car Dashcam F800 Pro Device Registration default credentials)

CVE-2025-2121 (Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk)

CVE-2025-2122 (Thinkware Car Dashcam F800 Pro File Storage access control)