CVE List - 2025 / October
Showing 2001 - 2100 of 4280 CVEs for October 2025 (Page 21 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54280 | 2025-10-14 | Substance3D - Viewer \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54275 | 2025-10-14 | Substance3D - Viewer \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54273 | 2025-10-14 | Substance3D - Viewer \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54274 | 2025-10-14 | Substance3D - Viewer \| Stack-based Buffer Overflow (CWE-121) |
| CVE-2025-33182 | 2025-10-14 | NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability... |
| CVE-2025-54276 | 2025-10-14 | Substance3D - Modeler \| Out-of-bounds Read (CWE-125) |
| CVE-2025-59051 | 2025-10-14 | FreePBX Endpoint Manager command injection via Network Scanning feature |
| CVE-2025-54281 | 2025-10-14 | Adobe Framemaker \| Use After Free (CWE-416) |
| CVE-2025-54282 | 2025-10-14 | Adobe Framemaker \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-33177 | 2025-10-14 | NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of... |
| CVE-2025-59429 | 2025-10-14 | FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page |
| CVE-2025-54284 | 2025-10-14 | Illustrator \| Out-of-bounds Write (CWE-787) |
| CVE-2025-54283 | 2025-10-14 | Illustrator \| Out-of-bounds Write (CWE-787) |
| CVE-2025-61675 | 2025-10-14 | FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters |
| CVE-2025-34267 | 2025-10-14 | Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages |
| CVE-2025-61678 | 2025-10-14 | FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter |
| CVE-2025-61801 | 2025-10-14 | Dimension \| Use After Free (CWE-416) |
| CVE-2025-61800 | 2025-10-14 | Dimension \| Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-61798 | 2025-10-14 | Dimension \| Out-of-bounds Read (CWE-125) |
| CVE-2025-61799 | 2025-10-14 | Dimension \| Out-of-bounds Read (CWE-125) |
| CVE-2025-61806 | 2025-10-14 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) |
| CVE-2025-61807 | 2025-10-14 | Substance3D - Stager \| Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-61805 | 2025-10-14 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) |
| CVE-2025-61802 | 2025-10-14 | Substance3D - Stager \| Use After Free (CWE-416) |
| CVE-2025-61803 | 2025-10-14 | Substance3D - Stager \| Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-62374 | 2025-10-14 | Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs |
| CVE-2025-54264 | 2025-10-14 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54265 | 2025-10-14 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-54263 | 2025-10-14 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-54266 | 2025-10-14 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54267 | 2025-10-14 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-61796 | 2025-10-14 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54272 | 2025-10-14 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-61797 | 2025-10-14 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54196 | 2025-10-14 | Adobe Connect \| URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) |
| CVE-2025-49553 | 2025-10-14 | Adobe Connect \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-49552 | 2025-10-14 | Adobe Connect \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-62376 | 2025-10-14 | pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access |
| CVE-2025-56746 | 2025-10-15 | Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers. |
| CVE-2025-56748 | 2025-10-15 | Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens... |
| CVE-2025-56749 | 2025-10-15 | Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication... |
| CVE-2025-54270 | 2025-10-15 | Animate \| NULL Pointer Dereference (CWE-476) |
| CVE-2025-54269 | 2025-10-15 | Animate \| Out-of-bounds Read (CWE-125) |
| CVE-2025-54279 | 2025-10-15 | Animate \| Use After Free (CWE-416) |
| CVE-2025-61804 | 2025-10-15 | Animate \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54278 | 2025-10-15 | Bridge \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54268 | 2025-10-15 | Bridge \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2023-7311 | 2025-10-15 | BYTEVALUE Intelligent Flow Control Router Command Injection |
| CVE-2017-20204 | 2025-10-15 | DBLTek GoIP Telnet Admin Interface Undocumented Backdoor |
| CVE-2024-13991 | 2025-10-15 | Huijietong Cloud Video Platform fileDownload Arbitrary File Read |
| CVE-2023-7304 | 2025-10-15 | Ruijie RG-UAC nmc_sync.php Command Injection |
| CVE-2017-20205 | 2025-10-15 | Valve Source SDK Stack-Based Buffer Overflow RCE |
| CVE-2018-25117 | 2025-10-15 | VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise |
| CVE-2011-10033 | 2025-10-15 | WordPress Plugin is-human <= v1.4.2 Eval Injection RCE |
| CVE-2023-7305 | 2025-10-15 | SmartBI RMIServlet Unrestricted File Upload RCE |
| CVE-2025-11746 | 2025-10-15 | XStore \| Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2025-55079 | 2025-10-15 | Missing check for thread priority |
| CVE-2025-11176 | 2025-10-15 | Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation |
| CVE-2025-6042 | 2025-10-15 | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor |
| CVE-2025-8561 | 2025-10-15 | Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-55080 | 2025-10-15 | Improper Parameter Check in ThreadX Syscall Implementation |
| CVE-2025-31702 | 2025-10-15 | A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges,... |
| CVE-2025-10406 | 2025-10-15 | BlindMatrix e-Commerce < 3.1 - Contributor+ LFI |
| CVE-2025-26859 | 2025-10-15 | RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it... |
| CVE-2025-26860 | 2025-10-15 | RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected... |
| CVE-2025-26861 | 2025-10-15 | RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected... |
| CVE-2025-11161 | 2025-10-15 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode |
| CVE-2025-11160 | 2025-10-15 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module |
| CVE-2025-55039 | 2025-10-15 | Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks |
| CVE-2025-11501 | 2025-10-15 | Dynamically Display Posts <= 1.1 - Unauthenticated SQL Injection |
| CVE-2025-61941 | 2025-10-15 | A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover,... |
| CVE-2025-39966 | 2025-10-15 | iommufd: Fix race during abort for file descriptors |
| CVE-2025-39967 | 2025-10-15 | fbcon: fix integer overflow in fbcon_do_set_font |
| CVE-2025-39968 | 2025-10-15 | i40e: add max boundary check for VF filters |
| CVE-2025-39969 | 2025-10-15 | i40e: fix validation of VF state in get resources |
| CVE-2025-39970 | 2025-10-15 | i40e: fix input validation logic for action_meta |
| CVE-2025-39971 | 2025-10-15 | i40e: fix idx validation in config queues msg |
| CVE-2025-39972 | 2025-10-15 | i40e: fix idx validation in i40e_validate_queue_map |
| CVE-2025-39973 | 2025-10-15 | i40e: add validation for ring_len param |
| CVE-2025-39974 | 2025-10-15 | tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() |
| CVE-2025-39975 | 2025-10-15 | smb: client: fix wrong index reference in smb2_compound_op() |
| CVE-2025-39976 | 2025-10-15 | futex: Use correct exit on failure from futex_hash_allocate_default() |
| CVE-2025-39977 | 2025-10-15 | futex: Prevent use-after-free during requeue-PI |
| CVE-2025-39978 | 2025-10-15 | octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() |
| CVE-2025-39979 | 2025-10-15 | net/mlx5: fs, fix UAF in flow counter release |
| CVE-2025-39980 | 2025-10-15 | nexthop: Forbid FDB status change while nexthop is in a group |
| CVE-2025-39981 | 2025-10-15 | Bluetooth: MGMT: Fix possible UAFs |
| CVE-2025-39982 | 2025-10-15 | Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync |
| CVE-2025-39983 | 2025-10-15 | Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue |
| CVE-2025-39984 | 2025-10-15 | net: tun: Update napi->skb after XDP process |
| CVE-2025-39985 | 2025-10-15 | can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow |
| CVE-2025-39986 | 2025-10-15 | can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow |
| CVE-2025-39987 | 2025-10-15 | can: hi311x: populate ndo_change_mtu() to prevent buffer overflow |
| CVE-2025-39988 | 2025-10-15 | can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow |
| CVE-2025-39990 | 2025-10-15 | bpf: Check the helper function is valid in get_helper_proto |
| CVE-2025-39991 | 2025-10-15 | wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() |
| CVE-2025-39992 | 2025-10-15 | mm: swap: check for stable address space before operating on the VMA |
| CVE-2025-39993 | 2025-10-15 | media: rc: fix races with imon_disconnect() |
| CVE-2025-39994 | 2025-10-15 | media: tuner: xc5000: Fix use-after-free in xc5000_release |
| CVE-2025-39995 | 2025-10-15 | media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe |