Lista CVE - 2025 / Ottobre
Visualizzazione 2101 - 2200 di 4280 CVE per Ottobre 2025 (Pagina 22 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-39996 | 2025-10-15 | media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove |
| CVE-2025-39997 | 2025-10-15 | ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free |
| CVE-2025-39998 | 2025-10-15 | scsi: target: target_core_configfs: Add length check to avoid buffer overflow |
| CVE-2025-39999 | 2025-10-15 | blk-mq: fix blk_mq_tags double free while nr_requests grown |
| CVE-2025-40000 | 2025-10-15 | wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() |
| CVE-2025-10754 | 2025-10-15 | DocoDoco Store Locator <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload |
| CVE-2025-10139 | 2025-10-15 | WP BookWidgets <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10293 | 2025-10-15 | Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
| CVE-2025-10648 | 2025-10-15 | Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' |
| CVE-2025-10660 | 2025-10-15 | WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id |
| CVE-2025-10310 | 2025-10-15 | Rich Snippet Site Report <= 2.0.0105 - Authenticated (Admin+) SQL Injection |
| CVE-2025-10045 | 2025-10-15 | onOffice for WP-Websites <= 5.7 - Authenticated (Editor+) SQL Injection |
| CVE-2025-10730 | 2025-10-15 | Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-10301 | 2025-10-15 | FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10575 | 2025-10-15 | WP jQuery Pager <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode |
| CVE-2025-10186 | 2025-10-15 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.14 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion |
| CVE-2025-10041 | 2025-10-15 | Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload |
| CVE-2025-10051 | 2025-10-15 | Demo Import Kit <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload |
| CVE-2025-11177 | 2025-10-15 | External Login <= 1.11.2 - Unauthenticated SQL Injection via log |
| CVE-2025-10299 | 2025-10-15 | WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-10133 | 2025-10-15 | URLYar <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11722 | 2025-10-15 | Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-10743 | 2025-10-15 | Outdoor <= 1.3.2 - Unauthenticated SQL Injection |
| CVE-2025-10132 | 2025-10-15 | Dhivehi Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10038 | 2025-10-15 | Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation |
| CVE-2025-10135 | 2025-10-15 | WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10300 | 2025-10-15 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-10312 | 2025-10-15 | Theme Importer <= 1.0 - Cross-Site Request Forgery |
| CVE-2025-10303 | 2025-10-15 | Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation |
| CVE-2025-11365 | 2025-10-15 | WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-11692 | 2025-10-15 | Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion |
| CVE-2025-10140 | 2025-10-15 | Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-9967 | 2025-10-15 | Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover |
| CVE-2025-10294 | 2025-10-15 | OwnID Passwordless Login <= 1.3.4 - Authentication Bypass |
| CVE-2025-10486 | 2025-10-15 | Content Writer <= 3.6.8 - Unauthenticated Information Exposure via Log File |
| CVE-2025-11196 | 2025-10-15 | External Login <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection |
| CVE-2025-10313 | 2025-10-15 | Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-11728 | 2025-10-15 | Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update |
| CVE-2025-10056 | 2025-10-15 | Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery |
| CVE-2025-10141 | 2025-10-15 | Digiseller <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11701 | 2025-10-15 | Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure |
| CVE-2025-10194 | 2025-10-15 | Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-10682 | 2025-10-15 | TARIFFUXX <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode |
| CVE-2025-55081 | 2025-10-15 | Potential out of bound read in _nx_secure_tls_process_clienthello() |
| CVE-2025-55082 | 2025-10-15 | Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find() |
| CVE-2025-10869 | 2025-10-15 | Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot |
| CVE-2025-9640 | 2025-10-15 | Samba: vfs_streams_xattr uninitialized memory write possible |
| CVE-2025-53474 | 2025-10-15 | BIG-IP iRules vulnerability |
| CVE-2025-59268 | 2025-10-15 | BIG-IP Configuration utility vulnerability |
| CVE-2025-59269 | 2025-10-15 | BIG-IP Configuration utility XSS vulnerability |
| CVE-2025-47148 | 2025-10-15 | BIG-IP APM and SSL Orchestrator vulnerability |
| CVE-2025-58474 | 2025-10-15 | BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability |
| CVE-2025-59478 | 2025-10-15 | BIG-IP AFM DoS protection profile vulnerability |
| CVE-2025-60016 | 2025-10-15 | BIG-IP SSL/TLS vulnerability |
| CVE-2025-58153 | 2025-10-15 | BIG-IP HSB vulnerability |
| CVE-2025-48008 | 2025-10-15 | BIG-IP MPTCP vulnerability |
| CVE-2025-55669 | 2025-10-15 | BIG-IP HTTP/2 vulnerability |
| CVE-2025-46706 | 2025-10-15 | BIG-IP iRules vulnerability |
| CVE-2025-47150 | 2025-10-15 | F5OS SNMP vulnerability |
| CVE-2025-59781 | 2025-10-15 | BIG-IP DNS cache vulnerability |
| CVE-2025-55036 | 2025-10-15 | BIG-IP SSL Orchestrator vulnerability |
| CVE-2025-58424 | 2025-10-15 | BIG-IP TMM vulnerability |
| CVE-2025-61938 | 2025-10-15 | BIG-IP Advanced WAF and ASM bd process vulnerability |
| CVE-2025-41430 | 2025-10-15 | BIG-IP SSL Orchestrator vulnerability |
| CVE-2025-55670 | 2025-10-15 | BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability |
| CVE-2025-54805 | 2025-10-15 | TMM Vulnerability |
| CVE-2025-59778 | 2025-10-15 | VELOS partition container network vulnerability |
| CVE-2025-54479 | 2025-10-15 | BIG-IP PEM vulnerability |
| CVE-2025-53856 | 2025-10-15 | TMM vulnerability |
| CVE-2025-61951 | 2025-10-15 | BIG-IP DTLS 1.2 Vulnerability |
| CVE-2025-60013 | 2025-10-15 | F5OS-A FIPS HSM password vulnerability |
| CVE-2025-58120 | 2025-10-15 | BIG-IP Next (CNF, SPK, and Kubernetes) vulnerability |
| CVE-2025-53868 | 2025-10-15 | BIG-IP SCP and SFTP vulnerability |
| CVE-2025-54858 | 2025-10-15 | BIG-IP Advanced WAF and ASM vulnerability |
| CVE-2025-58096 | 2025-10-15 | BIG-IP TMM vulnerability |
| CVE-2025-53521 | 2025-10-15 | BigIP APM Vulnerability |
| CVE-2025-61958 | 2025-10-15 | BIG-IP TMSH vulnerability |
| CVE-2025-54854 | 2025-10-15 | BigIP APM Vulnerability |
| CVE-2025-61955 | 2025-10-15 | F5OS vulnerability |
| CVE-2025-61960 | 2025-10-15 | BIG-IP APM portal access vulnerability |
| CVE-2025-59481 | 2025-10-15 | BIG-IP iControl REST and tmsh vulnerability |
| CVE-2025-61974 | 2025-10-15 | BIG-IP SSL/TLS vulnerability |
| CVE-2025-59483 | 2025-10-15 | BIG-IP Configuration utility and tmsh vulnerability |
| CVE-2025-54755 | 2025-10-15 | BIG-IP Configuration utility vulnerability |
| CVE-2025-60015 | 2025-10-15 | F5OS out-of-bounds write vulnerability |
| CVE-2025-55083 | 2025-10-15 | Broken bounds check in Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension() |
| CVE-2025-6026 | 2025-10-15 | An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device... |
| CVE-2025-8486 | 2025-10-15 | A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. |
| CVE-2025-9548 | 2025-10-15 | A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error. |
| CVE-2025-10581 | 2025-10-15 | A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. |
| CVE-2025-10699 | 2025-10-15 | A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure. |
| CVE-2025-53860 | 2025-10-15 | F5OS-A FIPS HSM vulnerability |
| CVE-2025-61935 | 2025-10-15 | BIG-IP Advanced WAF and ASM vulnerability |
| CVE-2025-58071 | 2025-10-15 | BIG-IP IPSec vulnerability |
| CVE-2025-61933 | 2025-10-15 | BIG-IP APM cross-site scripting (XSS) vulnerability |
| CVE-2025-57780 | 2025-10-15 | F5OS Vulnerability |
| CVE-2025-61990 | 2025-10-15 | TMM vulnerability |
| CVE-2025-2529 | 2025-10-15 | IBM Terracotta denial of service |
| CVE-2025-62370 | 2025-10-15 | Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing |
| CVE-2025-59419 | 2025-10-15 | Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery |