CVE List - 2025 / October
Showing 1601 - 1700 of 4280 CVEs for October 2025 (Page 17 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-11665 | 2025-10-13 | D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection |
| CVE-2025-9265 | 2025-10-13 | API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products |
| CVE-2025-8915 | 2025-10-13 | Hardcoded TLS private key in Kiloview N30 firmware |
| CVE-2025-11666 | 2025-10-13 | Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password |
| CVE-2025-11671 | 2025-10-13 | EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication |
| CVE-2025-11667 | 2025-10-13 | code-projects Automated Voting System add_candidate_modal.php sql injection |
| CVE-2025-11672 | 2025-10-13 | EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication |
| CVE-2025-9976 | 2025-10-13 | OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-11673 | 2025-10-13 | PiExtract|SOOP-CLM - Hidden Functionality |
| CVE-2025-10552 | 2025-10-13 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x |
| CVE-2025-10556 | 2025-10-13 | Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x |
| CVE-2025-10557 | 2025-10-13 | Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-10558 | 2025-10-13 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x |
| CVE-2025-11674 | 2025-10-13 | PiExtract|SOOP-CLM - Server-Side Request Forgery |
| CVE-2025-11675 | 2025-10-13 | Ragic|Enterprise Cloud Database - Arbitrary File Upload |
| CVE-2025-11668 | 2025-10-13 | code-projects Automated Voting System update_user.php sql injection |
| CVE-2025-9968 | 2025-10-13 | A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For... |
| CVE-2025-11183 | 2025-10-13 | Cross-Site Scripting Vulnerability in QWC2 |
| CVE-2025-11184 | 2025-10-13 | Cross-Site Scripting Vulnerability in QWC2 Registration GUI |
| CVE-2025-9336 | 2025-10-13 | A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, which may lead to a system crash (BSOD) or other potentially undefined... |
| CVE-2025-9337 | 2025-10-13 | A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer... |
| CVE-2025-10720 | 2025-10-13 | WP Private Content Plus <= 3.6.2 - Password Protection Bypass |
| CVE-2025-6919 | 2025-10-13 | SQLi in Cats Informatics' Aykome |
| CVE-2025-9902 | 2025-10-13 | IDOR in Akınsoft QRMenu |
| CVE-2025-37729 | 2025-10-13 | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine |
| CVE-2025-39964 | 2025-10-13 | crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg |
| CVE-2025-39965 | 2025-10-13 | xfrm: xfrm_alloc_spi shouldn't use 0 as SPI |
| CVE-2025-43991 | 2025-10-13 | SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with... |
| CVE-2025-7707 | 2025-10-13 | World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index |
| CVE-2025-11695 | 2025-10-13 | Configuration may unexpectedly disable certificate validation |
| CVE-2025-62244 | 2025-10-13 | Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and... |
| CVE-2025-62243 | 2025-10-13 | Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows... |
| CVE-2025-61775 | 2025-10-13 | Vickey's unexpired email confirmation link can be reused to send repeated confirmation emails |
| CVE-2025-62170 | 2025-10-13 | rAthena map-server use-after-free vulnerability in RODEX |
| CVE-2025-62242 | 2025-10-13 | Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92... |
| CVE-2025-62241 | 2025-10-13 | Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users from one virtual instance to view the shipment addresses of... |
| CVE-2025-58084 | 2025-10-13 | Mattermost Desktop App crashes when clicking on malformed external URL |
| CVE-2025-62246 | 2025-10-13 | Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92,... |
| CVE-2025-62364 | 2025-10-13 | text-generation-webui allows arbitrary file read via symbolic link upload |
| CVE-2025-62252 | 2025-10-13 | Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92,... |
| CVE-2025-59836 | 2025-10-13 | Omni is Vulnerable to DoS via Empty Create/Update Resource Requests |
| CVE-2025-61688 | 2025-10-13 | Omni leaks information via the API |
| CVE-2025-62174 | 2025-10-13 | Mastodon allows continued access after password reset via CLI |
| CVE-2025-62175 | 2025-10-13 | Mastodon streaming API fails to disconnect disabled and suspended users |
| CVE-2025-62176 | 2025-10-13 | Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels |
| CVE-2025-11622 | 2025-10-13 | Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2025-9713 | 2025-10-13 | Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. |
| CVE-2025-11623 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62177 | 2025-10-13 | WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php` |
| CVE-2025-62392 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62390 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62389 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62388 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62387 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62385 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62178 | 2025-10-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php' parameter 'idatendido' |
| CVE-2025-62391 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62383 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62386 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62384 | 2025-10-13 | SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. |
| CVE-2025-62179 | 2025-10-13 | WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php` |
| CVE-2025-62358 | 2025-10-13 | WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameter |
| CVE-2025-62359 | 2025-10-13 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint id_pet |
| CVE-2025-62251 | 2025-10-13 | Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA through update 36 shows content to users who... |
| CVE-2025-62360 | 2025-10-13 | WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php` |
| CVE-2025-62361 | 2025-10-13 | WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle) |
| CVE-2025-62362 | 2025-10-13 | Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal |
| CVE-2025-62363 | 2025-10-13 | yt-grabber-tui allows arbitrary code execution via configurable yt-dlp path |
| CVE-2025-62365 | 2025-10-13 | LibreNMS vulnerable to Reflected-XSS in `report_this` function |
| CVE-2025-54603 | 2025-10-14 | An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users. |
| CVE-2025-56747 | 2025-10-14 | Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing... |
| CVE-2025-57563 | 2025-10-14 | A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files. |
| CVE-2025-57618 | 2025-10-14 | A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's... |
| CVE-2025-60374 | 2025-10-14 | Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in... |
| CVE-2025-60535 | 2025-10-14 | A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request. |
| CVE-2025-60536 | 2025-10-14 | An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file. |
| CVE-2025-60537 | 2025-10-14 | Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. |
| CVE-2025-60540 | 2025-10-14 | karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). |
| CVE-2025-42901 | 2025-10-14 | Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser) |
| CVE-2025-42902 | 2025-10-14 | Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform |
| CVE-2025-42903 | 2025-10-14 | User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management |
| CVE-2025-42906 | 2025-10-14 | Directory Traversal vulnerability in SAP Commerce Cloud |
| CVE-2025-42908 | 2025-10-14 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42909 | 2025-10-14 | Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances |
| CVE-2025-42910 | 2025-10-14 | Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management |
| CVE-2025-42937 | 2025-10-14 | Directory Traversal vulnerability in SAP Print Service |
| CVE-2025-42939 | 2025-10-14 | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements) |
| CVE-2025-59889 | 2025-10-14 | Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue... |
| CVE-2025-10732 | 2025-10-14 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure |
| CVE-2025-10357 | 2025-10-14 | Simple SEO < 2.0.32 - Contributor+ Stored XSS |
| CVE-2025-8594 | 2025-10-14 | Pz-LinkCard < 2.5.7 - Contributor+ SSRF |
| CVE-2025-11731 | 2025-10-14 | Libxslt: type confusion in exsltfuncresultcompfunction of libxslt |
| CVE-2025-55078 | 2025-10-14 | Incomplete validation of kernel object pointers in system calls |
| CVE-2025-41703 | 2025-10-14 | Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command |
| CVE-2025-41704 | 2025-10-14 | Phoenix Contact: Unauthenticated Modbus Service DoS via Crafted Function Code |
| CVE-2025-41705 | 2025-10-14 | Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials |
| CVE-2025-41706 | 2025-10-14 | Phoenix Contact: Webserver Denial of Service through Malformed Content-Length |
| CVE-2025-41707 | 2025-10-14 | Phoenix Contact: WebSocket Handler Denial of Service |
| CVE-2025-41718 | 2025-10-14 | Murrelektronik: Unprotected Transport of Credentials |
| CVE-2025-41699 | 2025-10-14 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers |