CVE List - 2025 / October
Showing 201 - 300 of 4280 CVEs for October 2025 (Page 3 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53529 | 2025-10-01 | wifi: rtw88: Fix memory leak in rtw88_usb |
| CVE-2023-53530 | 2025-10-01 | scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() |
| CVE-2023-53531 | 2025-10-01 | null_blk: fix poll request timeout handling |
| CVE-2023-53532 | 2025-10-01 | wifi: ath11k: fix deinitialization of firmware resources |
| CVE-2025-40647 | 2025-10-01 | Stored Cross-Site Scripting (XSS) vulnerability in Issabel products |
| CVE-2025-40648 | 2025-10-01 | Stored Cross-Site Scripting (XSS) vulnerability in Issabel products |
| CVE-2025-41421 | 2025-10-01 | Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client |
| CVE-2023-50301 | 2025-10-01 | IBM Transformation Extender Advanced information disclosure |
| CVE-2025-20369 | 2025-10-01 | Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise |
| CVE-2025-20366 | 2025-10-01 | Improper Access Control in Background Job Submission in Splunk Enterprise |
| CVE-2025-20370 | 2025-10-01 | Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise |
| CVE-2025-20367 | 2025-10-01 | Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise |
| CVE-2025-20371 | 2025-10-01 | Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise |
| CVE-2025-20368 | 2025-10-01 | Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise |
| CVE-2025-20361 | 2025-10-01 | Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20356 | 2025-10-01 | Cisco CyberVision Center Sensor Explorer Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20357 | 2025-10-01 | Cisco CyberVision Center Reports Stored Cross-Site Scripting Vulnerability |
| CVE-2025-11233 | 2025-10-01 | Rust standard library didn't detect all path separators on Cygwin |
| CVE-2025-34182 | 2025-10-01 | Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS |
| CVE-2023-49881 | 2025-10-01 | IBM Transformation Extender Advanced session fixation |
| CVE-2023-50300 | 2025-10-01 | IBM Transformation Extender Advanced improper access control |
| CVE-2023-49883 | 2025-10-01 | IBM Transformation Extender Advanced information disclosure |
| CVE-2025-8679 | 2025-10-01 | ExtremeGuest Essentials Captive Portal Unauthenticated Brute Force |
| CVE-2025-58054 | 2025-10-01 | Discourse is vulnerable to XSS when quoting chat messages |
| CVE-2025-10578 | 2025-10-01 | HP Support Assistant - Potential Escalation of Privilege |
| CVE-2025-58055 | 2025-10-01 | Discourse AI Suggestions Contain Insecure Direct Object Reference |
| CVE-2025-59147 | 2025-10-01 | Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets |
| CVE-2025-59148 | 2025-10-01 | Suricata's improper use of entropy keyword can lead to a NULL-ptr deref |
| CVE-2025-58769 | 2025-10-01 | auth0-PHP: Improper File Type Handling in Bulk User Import |
| CVE-2025-59149 | 2025-10-01 | Suricata: Stack buffer overflow in rule parser when processing long keywords with transforms |
| CVE-2025-59150 | 2025-10-01 | Suricata: Keyword tls.subjectaltname can lead to NULL-ptr deref |
| CVE-2025-59337 | 2025-10-01 | Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments |
| CVE-2025-59531 | 2025-10-01 | Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload |
| CVE-2025-59537 | 2025-10-01 | argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload |
| CVE-2025-59538 | 2025-10-01 | Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook |
| CVE-2025-23355 | 2025-10-01 | NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to... |
| CVE-2025-23297 | 2025-10-01 | NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A... |
| CVE-2025-54811 | 2025-10-01 | OpenPLC_V3 |
| CVE-2025-59951 | 2025-10-01 | Termix' official Docker image contains an authentication bypass vulnerability |
| CVE-2025-61587 | 2025-10-01 | Weblate integration with Anubis can lead to Open Redirect via redir parameter |
| CVE-2025-61582 | 2025-10-01 | Ts3 Manager: Unauthenticated Denial of Service possible through specially crafted Unicode input |
| CVE-2025-61583 | 2025-10-01 | TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling |
| CVE-2025-61588 | 2025-10-01 | risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` |
| CVE-2023-28760 | 2025-10-02 | TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the... |
| CVE-2025-32942 | 2025-10-02 | SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic. |
| CVE-2025-49090 | 2025-10-02 | The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. |
| CVE-2025-54315 | 2025-10-02 | The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness. |
| CVE-2025-56019 | 2025-10-02 | An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection... |
| CVE-2025-56154 | 2025-10-02 | htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML... |
| CVE-2025-56161 | 2025-10-02 | YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no... |
| CVE-2025-56162 | 2025-10-02 | YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate... |
| CVE-2025-56379 | 2025-10-02 | A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2025-56380 | 2025-10-02 | Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter |
| CVE-2025-56381 | 2025-10-02 | ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters. |
| CVE-2025-57305 | 2025-10-02 | VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp. |
| CVE-2025-57443 | 2025-10-02 | FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges... |
| CVE-2025-59403 | 2025-10-02 | The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API... |
| CVE-2025-59405 | 2025-10-02 | The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within... |
| CVE-2025-59406 | 2025-10-02 | The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in... |
| CVE-2025-59407 | 2025-10-02 | The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with... |
| CVE-2025-59409 | 2025-10-02 | Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware. |
| CVE-2025-60660 | 2025-10-02 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. |
| CVE-2025-60661 | 2025-10-02 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function. |
| CVE-2025-60662 | 2025-10-02 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. |
| CVE-2025-60663 | 2025-10-02 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function. |
| CVE-2025-60782 | 2025-10-02 | PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the... |
| CVE-2025-61087 | 2025-10-02 | SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. |
| CVE-2025-61096 | 2025-10-02 | PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. |
| CVE-2025-11182 | 2025-10-02 | File Download in GTONE ChangeFlow |
| CVE-2025-11221 | 2025-10-02 | Remote Code Execution in GTONE ChangeFlow |
| CVE-2025-11020 | 2025-10-02 | Remote Code Execution in MarkAny SafePC Enterprise |
| CVE-2025-58775 | 2025-10-02 | KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-58776 | 2025-10-02 | KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-58777 | 2025-10-02 | VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-61691 | 2025-10-02 | VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-61692 | 2025-10-02 | VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-61690 | 2025-10-02 | KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. |
| CVE-2025-9587 | 2025-10-02 | CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection |
| CVE-2025-9697 | 2025-10-02 | Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection |
| CVE-2025-54286 | 2025-10-02 | CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI |
| CVE-2025-54287 | 2025-10-02 | Arbitrary File Read via Template Injection in Snapshot Patterns |
| CVE-2025-54288 | 2025-10-02 | Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server |
| CVE-2025-54289 | 2025-10-02 | Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API |
| CVE-2025-54290 | 2025-10-02 | Project Existence Disclosure via Error Handling in LXD Image Export |
| CVE-2025-54291 | 2025-10-02 | Project existence disclosure in LXD images API |
| CVE-2025-54292 | 2025-10-02 | Client-Side Path Traversal in LXD-UI |
| CVE-2025-40645 | 2025-10-02 | Exposure of sensitive information in Viday |
| CVE-2025-40646 | 2025-10-02 | Multiple vulnerabilities in Energy CRM by Status Tracker |
| CVE-2025-61734 | 2025-10-02 | Apache Kylin: improper restriction of file read |
| CVE-2025-61733 | 2025-10-02 | Apache Kylin: Authentication bypass |
| CVE-2025-61735 | 2025-10-02 | Apache Kylin: Server-Side Request Forgery |
| CVE-2025-54468 | 2025-10-02 | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint |
| CVE-2025-40989 | 2025-10-02 | Stored XSS in Creativeitem Ekushey CRM |
| CVE-2025-40990 | 2025-10-02 | Stored XSS in Creativeitem Ekushey CRM |
| CVE-2025-54293 | 2025-10-02 | Path Traversal in LXD Instance Log File Retrieval |
| CVE-2025-40991 | 2025-10-02 | Stored XSS in Creativeitem Ekushey CRM |
| CVE-2025-40992 | 2025-10-02 | Stored XSS in Creativeitem Sociopro |
| CVE-2025-41064 | 2025-10-02 | Incorrect authentication in GTT's group OpenSIAC |
| CVE-2024-58267 | 2025-10-02 | Rancher CLI SAML authentication is vulnerable to phishing attacks |
| CVE-2024-58260 | 2025-10-02 | Rancher update on users can deny the service to the admin |