CVE List 2025/2xxx
CVEs in group: 2xxx
CVE-2025-2071 (Click for details)
CVE-2025-2072 (OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI)
CVE-2025-2074 (Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI)
CVE-2025-2076 (Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter)
CVE-2025-2077 (binlayerpress <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting)
CVE-2025-2078 (Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting)
CVE-2025-2079 (BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting)
CVE-2025-2080 (Click for details)
CVE-2025-2081 (Click for details)
CVE-2025-2084 (Click for details)
CVE-2025-2085 (PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting)
CVE-2025-2086 (StarSea99 starsea-mall save cross site scripting)
CVE-2025-2087 (StarSea99 starsea-mall update cross site scripting)
CVE-2025-2088 (StarSea99 starsea-mall update cross site scripting)
CVE-2025-2089 (PHPGurukul Pre-School Enrollment System profile.php sql injection)
CVE-2025-2090 (StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control)
CVE-2025-2093 (PHPGurukul Pre-School Enrollment System Sub Admin add-subadmin.php access control)
CVE-2025-2094 (PHPGurukul Online Library Management System change-password.php password recovery)
CVE-2025-2095 (TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection)
CVE-2025-2096 (TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection)
CVE-2025-2097 (TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection)
CVE-2025-2098 (TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow)
CVE-2025-2103 (Dylib Hijacking in Fast CAD Reader)
CVE-2025-2104 (SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update)
CVE-2025-2106 (Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication)
CVE-2025-2107 (Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection)
CVE-2025-2108 (Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection)
CVE-2025-2109 (140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget)
CVE-2025-2110 (WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function)
CVE-2025-2112 (WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions)
CVE-2025-2113 (user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection)
CVE-2025-2114 (AT Software Solutions ATSVD Esqueceu a senha sql injection)
CVE-2025-2115 (Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization)
CVE-2025-2116 (zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload)
CVE-2025-2117 (Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery)
CVE-2025-2118 (Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection)
CVE-2025-2119 (Quantico Tecnologia PRMV Login Endpoint login.php sql injection)
CVE-2025-2120 (Thinkware Car Dashcam F800 Pro Device Registration default credentials)
CVE-2025-2121 (Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk)
CVE-2025-2122 (Thinkware Car Dashcam F800 Pro File Storage access control)
CVE-2025-2123 (Thinkware Car Dashcam F800 Pro Connection denial of service)
CVE-2025-2124 (GeSHi CSS cssgen.php get_var cross site scripting)
CVE-2025-2125 (Control iD RH iD API change_password cross site scripting)
CVE-2025-2126 (Control iD RH iD PDF Document companyId resource injection)
CVE-2025-2127 (JoomlaUX JUX Real Estate GET Parameter realties sql injection)
CVE-2025-2129 (JoomlaUX JUX Real Estate realties cross site scripting)
CVE-2025-2130 (Mage AI insecure default initialization of resource)
CVE-2025-2131 (OpenXE Ticket Bearbeiten Page cross site scripting)
CVE-2025-2132 (dayrui XunRuiCMS Friendly Links cross site scripting)
CVE-2025-2133 (ftcms Search ajax_all_lists sql injection)
CVE-2025-2135 (ftcms edit cross site scripting)
CVE-2025-2136 (Click for details)
CVE-2025-2137 (Click for details)
CVE-2025-2147 (Click for details)
CVE-2025-2148 (Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access)
CVE-2025-2149 (PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption)
CVE-2025-2150 (PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization)
CVE-2025-2151 (HGiga C&Cm@il – Stored Cross-Site Scripting)
CVE-2025-2152 (Open Asset Import Library Assimp File ParsingUtils.h GetNextLine stack-based overflow)
CVE-2025-2153 (Open Asset Import Library Assimp File BaseImporter.cpp ConvertToUTF8 heap-based overflow)
CVE-2025-2157 (HDF5 h5 File H5SM.c H5SM_delete heap-based overflow)
CVE-2025-2163 (Foreman: disclosure of executed commands and outputs in foreman / red hat satellite)
CVE-2025-2164 (Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting)
CVE-2025-2165 (pixelstats <= 0.8.2 - Reflected Cross-Site Scripting)
CVE-2025-2166 (SH Email Alert <= 1.0 - Reflected Cross-Site Scripting)
CVE-2025-2167 (CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting)
CVE-2025-2169 (Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2025-2173 (WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution)
CVE-2025-2174 (libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer)
CVE-2025-2175 (libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow)
CVE-2025-2176 (libzvbi _vbi_strndup_iconv integer overflow)
CVE-2025-2177 (libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow)
CVE-2025-2186 (libzvbi search.c vbi_search_new integer overflow)
CVE-2025-2189 (Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId')
CVE-2025-2190 (Information Disclosure Vulnerability in Tinxy Smart Devices)
CVE-2025-2191 (Click for details)
CVE-2025-2192 (Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting)
CVE-2025-2193 (Stoque Zeev.it Login Page server-side request forgery)
CVE-2025-2194 (MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal)
CVE-2025-2195 (MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting)