CVE List - 2025 / October
Showing 3001 - 3100 of 4280 CVEs for October 2025 (Page 31 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-59579 | 2025-10-22 | WordPress Simple Job Board plugin <= 2.13.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-59580 | 2025-10-22 | WordPress Goodlayers Core plugin < 2.1.7 - Privilege Escalation vulnerability |
| CVE-2025-59593 | 2025-10-22 | WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60039 | 2025-10-22 | WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability |
| CVE-2025-60041 | 2025-10-22 | WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability |
| CVE-2025-60131 | 2025-10-22 | WordPress Werk aan de Muur Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60132 | 2025-10-22 | WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60134 | 2025-10-22 | WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60135 | 2025-10-22 | WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60151 | 2025-10-22 | WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability |
| CVE-2025-60168 | 2025-10-22 | WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-60176 | 2025-10-22 | WordPress WP Tesseract Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-60206 | 2025-10-22 | WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-60208 | 2025-10-22 | WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-60209 | 2025-10-22 | WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability |
| CVE-2025-60210 | 2025-10-22 | WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability |
| CVE-2025-60211 | 2025-10-22 | WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability |
| CVE-2025-60212 | 2025-10-22 | WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability |
| CVE-2025-60213 | 2025-10-22 | WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability |
| CVE-2025-60214 | 2025-10-22 | WordPress Goldenblatt theme <= 1.2.1 - PHP Object Injection vulnerability |
| CVE-2025-60215 | 2025-10-22 | WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability |
| CVE-2025-60216 | 2025-10-22 | WordPress Addison theme <= 1.4.2 - PHP Object Injection vulnerability |
| CVE-2025-60217 | 2025-10-22 | WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Deletion Vulnerability |
| CVE-2025-60220 | 2025-10-22 | WordPress CouponXxL theme <= 3.0.0 - Privilege Escalation vulnerability |
| CVE-2025-60221 | 2025-10-22 | WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability |
| CVE-2025-60222 | 2025-10-22 | WordPress SUMO Memberships for WooCommerce plugin <= 7.6.0 - Privilege Escalation vulnerability |
| CVE-2025-60224 | 2025-10-22 | WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability |
| CVE-2025-60225 | 2025-10-22 | WordPress BugsPatrol theme <= 1.5.0 - PHP Object Injection vulnerability |
| CVE-2025-60226 | 2025-10-22 | WordPress White Rabbit theme <= 1.5.2 - PHP Object Injection vulnerability |
| CVE-2025-60227 | 2025-10-22 | WordPress WP Pipes plugin <= 1.4.3 - Arbitrary File Deletion vulnerability |
| CVE-2025-60228 | 2025-10-22 | WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability |
| CVE-2025-60232 | 2025-10-22 | WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability |
| CVE-2025-60234 | 2025-10-22 | WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability |
| CVE-2025-60238 | 2025-10-22 | WordPress UNIVERSAM plugin <= 8.72.34 - PHP Object Injection vulnerability |
| CVE-2025-60246 | 2025-10-22 | WordPress Simple Finance Calculator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62005 | 2025-10-22 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62006 | 2025-10-22 | WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability |
| CVE-2025-62007 | 2025-10-22 | WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability |
| CVE-2025-62008 | 2025-10-22 | WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability |
| CVE-2025-62009 | 2025-10-22 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62013 | 2025-10-22 | WordPress UiChemy plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-62015 | 2025-10-22 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability |
| CVE-2025-62019 | 2025-10-22 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability |
| CVE-2025-62020 | 2025-10-22 | WordPress VOD Infomaniak plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62021 | 2025-10-22 | WordPress Acknowledgify plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-62022 | 2025-10-22 | WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability |
| CVE-2025-62023 | 2025-10-22 | WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-62024 | 2025-10-22 | WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62025 | 2025-10-22 | WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability |
| CVE-2025-62026 | 2025-10-22 | WordPress Blockspare plugin <= 3.2.13.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-62027 | 2025-10-22 | WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability |
| CVE-2025-62029 | 2025-10-22 | WordPress Grevo theme <= 2.4 - Local File Inclusion vulnerability |
| CVE-2025-62042 | 2025-10-22 | WordPress Event post plugin <= 5.10.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62048 | 2025-10-22 | WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability |
| CVE-2025-62052 | 2025-10-22 | WordPress One Page Express Companion plugin <= 1.6.43 - Broken Access Control vulnerability |
| CVE-2025-62054 | 2025-10-22 | WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability |
| CVE-2025-62058 | 2025-10-22 | WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62060 | 2025-10-22 | WordPress Tab Ultimate plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62061 | 2025-10-22 | WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62062 | 2025-10-22 | WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability |
| CVE-2025-62063 | 2025-10-22 | WordPress WP Travel Gutenberg Blocks plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62068 | 2025-10-22 | WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62069 | 2025-10-22 | WordPress MDTF plugin <= 1.3.3.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62070 | 2025-10-22 | WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability |
| CVE-2025-62071 | 2025-10-22 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability |
| CVE-2025-62072 | 2025-10-22 | WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability |
| CVE-2025-62073 | 2025-10-22 | WordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerability |
| CVE-2025-11966 | 2025-10-22 | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title,... |
| CVE-2025-11965 | 2025-10-22 | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve... |
| CVE-2025-62525 | 2025-10-22 | OpenWrt vulnerable to local privilege escalation |
| CVE-2025-62526 | 2025-10-22 | OpenWrt ubusd vulnerable to heap buffer overflow |
| CVE-2025-62604 | 2025-10-22 | MeterSphere logic flaw allows retrieval of arbitrary user information |
| CVE-2025-62606 | 2025-10-22 | my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter |
| CVE-2025-23299 | 2025-10-22 | NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code. |
| CVE-2025-62659 | 2025-10-22 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors |
| CVE-2025-62607 | 2025-10-22 | Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL |
| CVE-2025-8677 | 2025-10-22 | Resource exhaustion via malformed DNSKEY handling |
| CVE-2025-40778 | 2025-10-22 | Cache poisoning attacks with unsolicited RRs |
| CVE-2025-40780 | 2025-10-22 | Cache poisoning due to weak PRNG |
| CVE-2025-22175 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22177 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22168 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22171 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users. |
| CVE-2025-22176 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22172 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22174 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22170 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with... |
| CVE-2025-22173 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22169 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-22178 | 2025-10-22 | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able... |
| CVE-2025-11958 | 2025-10-22 | An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard... |
| CVE-2025-11957 | 2025-10-22 | Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and... |
| CVE-2025-24934 | 2025-10-22 | SO_REUSEPORT_LB breaks connect(2) for UDP sockets |
| CVE-2025-58712 | 2025-10-22 | Amq: privilege escalation via excessive /etc/passwd permissions |
| CVE-2025-62248 | 2025-10-22 | A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through... |
| CVE-2025-62513 | 2025-10-22 | OpenBao leaks HTTPRawBody in Audit Logs |
| CVE-2025-62610 | 2025-10-22 | Hono Improperly Authorizes JWT Audience Validation |
| CVE-2025-62247 | 2025-10-22 | Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through... |
| CVE-2025-62611 | 2025-10-22 | aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server |
| CVE-2025-62612 | 2025-10-22 | FastGPT File Reading Node SSRF Vulnerability |