CVE List - 2025 / October

Showing 1501 - 1600 of 4280 CVEs for October 2025 (Page 16 of 43)

CVE ID Date Title
CVE-2025-11594 2025-10-11 ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input
CVE-2025-58298 2025-10-11 Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58299 2025-10-11 Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58300 2025-10-11 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58301 2025-10-11 Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58289 2025-10-11 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-58293 2025-10-11 Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.
CVE-2025-9621 2025-10-11 WidgetPack Comment System <= 1.6.1 - Cross-Site Request Forgery
CVE-2025-10167 2025-10-11 Stock History & Reports Manager for WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7652 2025-10-11 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-6439 2025-10-11 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion
CVE-2025-9975 2025-10-11 WP Scraper <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery
CVE-2025-10190 2025-10-11 WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9626 2025-10-11 Page Blocks <= 1.1.0 - Cross-Site Request Forgery
CVE-2025-8682 2025-10-11 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation
CVE-2025-9950 2025-10-11 Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read
CVE-2025-8484 2025-10-11 Code Quality Control Tool <= 0.1 - Unauthenticated Information Exposure via Log Files
CVE-2025-8593 2025-10-11 GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
CVE-2025-10175 2025-10-11 WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection
CVE-2025-8606 2025-10-11 GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation
CVE-2025-9947 2025-10-11 Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter
CVE-2025-10375 2025-10-11 Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery
CVE-2025-10129 2025-10-11 WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-10376 2025-10-11 Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery
CVE-2025-11595 2025-10-11 Campcodes Online Apartment Visitor Management System admin-profile.php sql injection
CVE-2025-11596 2025-10-11 code-projects E-Commerce Website delete_order_details.php sql injection
CVE-2025-11597 2025-10-11 code-projects E-Commerce Website product_add_qty.php sql injection
CVE-2025-11599 2025-10-11 Campcodes Online Apartment Visitor Management System forgot-password.php sql injection
CVE-2025-11600 2025-10-11 code-projects Simple Food Ordering System editcategory.php sql injection
CVE-2025-11601 2025-10-11 SourceCodester Online Student Result System login.php sql injection
CVE-2025-11603 2025-10-11 code-projects Simple Food Ordering System editproduct.php sql injection
CVE-2025-11604 2025-10-11 projectworlds Online Ordering Food System all-orders.php sql injection
CVE-2025-11605 2025-10-11 code-projects Client Details System update-profile.php sql injection
CVE-2025-11606 2025-10-11 iPynch Social Network Website Search sql injection
CVE-2025-11607 2025-10-11 harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal
CVE-2025-11608 2025-10-11 code-projects E-Banking System POST Parameter register.php sql injection
CVE-2025-11609 2025-10-11 code-projects Hospital Management System express-session hard-coded key
CVE-2025-11610 2025-10-11 SourceCodester Simple Inventory System brand.php sql injection
CVE-2025-11611 2025-10-11 SourceCodester Simple Inventory System user.php sql injection
CVE-2025-11612 2025-10-11 code-projects Simple Food Ordering System addproduct.php sql injection
CVE-2025-11613 2025-10-11 code-projects Simple Food Ordering System addcategory.php sql injection
CVE-2025-11614 2025-10-11 SourceCodester Best Salon Management System edit-appointment.php sql injection
CVE-2025-11615 2025-10-11 SourceCodester Best Salon Management System add_invoice.php sql injection
CVE-2025-31993 2025-10-12 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)
CVE-2025-31997 2025-10-12 HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)
CVE-2025-61884 2025-10-12 Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2025-31998 2025-10-12 HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information
CVE-2025-52616 2025-10-12 HCL Unica 12.1.10 is affected by an exposure of sensitive information
CVE-2025-11628 2025-10-12 jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection
CVE-2025-31992 2025-10-12 HCL MaxAI Assistant is susceptible to a HTML injection vulnerability
CVE-2025-11629 2025-10-12 RainyGao DocSys getUserList.do getUserList sql injection
CVE-2025-11630 2025-10-12 RainyGao DocSys File Upload uploadDoc.do updateRealDoc path traversal
CVE-2025-31969 2025-10-12 HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)
CVE-2025-52614 2025-10-12 HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability
CVE-2025-11631 2025-10-12 RainyGao DocSys deleteDoc.do path traversal
CVE-2025-52615 2025-10-12 HCL Unica Platform is impacted by misconfigured security related HTTP headers
CVE-2025-11633 2025-10-12 Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation
CVE-2025-11634 2025-10-12 Tomofun Furbo 360/Furbo Mini UART information disclosure
CVE-2025-33096 2025-10-12 IBM Engineering Requirements Management Doors Next denial of service
CVE-2025-2140 2025-10-12 IBM Engineering Requirements Management Doors Next spoofing
CVE-2025-2139 2025-10-12 IBM Engineering Requirements Management Doors Next security bypass
CVE-2025-2138 2025-10-12 IBM Engineering Requirements Management Doors Next data modification
CVE-2025-11635 2025-10-12 Tomofun Furbo 360 File Upload resource consumption
CVE-2025-11636 2025-10-12 Tomofun Furbo 360 Account server-side request forgery
CVE-2025-11637 2025-10-12 Tomofun Furbo 360 Audio race condition
CVE-2025-11638 2025-10-12 Tomofun Furbo 360/Furbo Mini Bluetooth denial of service
CVE-2025-11639 2025-10-12 Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information
CVE-2025-11640 2025-10-12 Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission
CVE-2025-11641 2025-10-12 Tomofun Furbo 360/Furbo Mini Trial Restriction access control
CVE-2025-11642 2025-10-12 Tomofun Furbo 360/Furbo Mini Registration denial of service
CVE-2025-11643 2025-10-12 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
CVE-2025-11644 2025-10-12 Tomofun Furbo 360/Furbo Mini UART sensitive information
CVE-2025-11645 2025-10-12 Tomofun Furbo Mobile App Authentication Token sensitive information
CVE-2025-11646 2025-10-12 Tomofun Furbo 360/Furbo Mini GATT Service access control
CVE-2025-11647 2025-10-12 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure
CVE-2025-11648 2025-10-12 Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
CVE-2025-11649 2025-10-12 Tomofun Furbo 360/Furbo Mini Root Account hard-coded password
CVE-2025-11650 2025-10-12 Tomofun Furbo 360/Furbo Mini Password shadow weak hash
CVE-2025-11651 2025-10-12 UTT 进取 518G formRemoteControl sub_4247AC buffer overflow
CVE-2025-11652 2025-10-13 UTT 进取 518G formTaskEdit_ap buffer overflow
CVE-2025-11653 2025-10-13 UTT HiPER 2620G fNTP strcpy buffer overflow
CVE-2025-36087 2025-10-13 IBM Security Verify Access hard coded credentials
CVE-2025-11654 2025-10-13 yousaf530 Inferno Online Clothing Store log.php sql injection
CVE-2025-11655 2025-10-13 Total.js Flow SVG File unrestricted upload
CVE-2025-11656 2025-10-13 ProjectsAndPrograms School Management System editNotes.php unrestricted upload
CVE-2025-11657 2025-10-13 ProjectsAndPrograms School Management System createNotice.php unrestricted upload
CVE-2025-11658 2025-10-13 ProjectsAndPrograms School Management System changeSllyabus.php unrestricted upload
CVE-2025-11659 2025-10-13 ProjectsAndPrograms School Management System uploadNotes.php unrestricted upload
CVE-2025-31996 2025-10-13 Unprotected files are impacting HCL Unica Platform
CVE-2025-31994 2025-10-13 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)
CVE-2025-11660 2025-10-13 ProjectsAndPrograms School Management System uploadSllyabus.php unrestricted upload
CVE-2025-11661 2025-10-13 ProjectsAndPrograms School Management System missing authentication
CVE-2025-31995 2025-10-13 HCL Unica MaxAI Workbench is vulnerable to improper input validation
CVE-2025-11662 2025-10-13 SourceCodester Best Salon Management System booking.php sql injection
CVE-2025-11663 2025-10-13 Campcodes Online Beauty Parlor Management System manage-services.php sql injection
CVE-2025-9698 2025-10-13 The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
CVE-2025-11664 2025-10-13 Campcodes Online Beauty Parlor Management System search-appointment.php sql injection
CVE-2025-27259 2025-10-13 Ericsson Network Manager: improper neutralization of user controlled input
CVE-2025-27258 2025-10-13 Ericsson Network Manager: escalation of privilege vulnerability
CVE-2025-0636 2025-10-13 Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller