Lista CVE - 2025 / Ottobre
Visualizzazione 3501 - 3600 di 4280 CVE per Ottobre 2025 (Pagina 36 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-12215 | 2025-10-27 | projectworlds Online Shopping System login_submit.php sql injection |
| CVE-2025-12222 | 2025-10-27 | Bdtask Flight Booking Software Deposit deposit unrestricted upload |
| CVE-2025-12223 | 2025-10-27 | Bdtask Flight Booking Software Package Information package-information unrestricted upload |
| CVE-2025-12224 | 2025-10-27 | Iqbolshoh php-business-website contact.php cross site scripting |
| CVE-2025-12225 | 2025-10-27 | Tenda AC6 HTTP Request WifiGuestSet stack-based overflow |
| CVE-2025-12226 | 2025-10-27 | SourceCodester Best House Rental Management System admin_class.php save_house sql injection |
| CVE-2025-12227 | 2025-10-27 | projectworlds Gate Pass Management System add-pass.php cross site scripting |
| CVE-2025-12228 | 2025-10-27 | projectworlds Expense Management System Users Page create cross site scripting |
| CVE-2025-12229 | 2025-10-27 | projectworlds Expense Management System Roles Page create cross site scripting |
| CVE-2025-11154 | 2025-10-27 | IDonate < 2.1.13 - Unauthenticated User Deletion |
| CVE-2025-12230 | 2025-10-27 | projectworlds Expense Management System Currency create cross site scripting |
| CVE-2025-12231 | 2025-10-27 | projectworlds Expense Management System Expense Categories create cross site scripting |
| CVE-2025-12232 | 2025-10-27 | Tenda CH22 SafeClientFilter fromSafeClientFilter buffer overflow |
| CVE-2025-12233 | 2025-10-27 | Tenda CH22 SafeUrlFilter fromSafeUrlFilter buffer overflow |
| CVE-2025-12234 | 2025-10-27 | Tenda CH22 SafeMacFilter fromSafeMacFilter buffer overflow |
| CVE-2025-12235 | 2025-10-27 | Tenda CH22 SetIpBind fromSetIpBind buffer overflow |
| CVE-2025-12236 | 2025-10-27 | Tenda CH22 DhcpListClient fromDhcpListClient buffer overflow |
| CVE-2025-12237 | 2025-10-27 | projectworlds Advanced Library Management System index.php sql injection |
| CVE-2025-12238 | 2025-10-27 | code-projects Automated Voting System user.php sql injection |
| CVE-2025-12239 | 2025-10-27 | TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow |
| CVE-2025-12240 | 2025-10-27 | TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow |
| CVE-2025-12055 | 2025-10-27 | Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System |
| CVE-2025-12241 | 2025-10-27 | TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow |
| CVE-2025-12242 | 2025-10-27 | CodeAstro Gym Management System check-attendance.php sql injection |
| CVE-2025-12243 | 2025-10-27 | code-projects Client Details System GET Parameter welcome.php sql injection |
| CVE-2025-12244 | 2025-10-27 | code-projects Simple E-Banking System register.php cross site scripting |
| CVE-2025-12245 | 2025-10-27 | chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation |
| CVE-2025-12246 | 2025-10-27 | chatwoot Admin IframeLoader.vue cross site scripting |
| CVE-2025-11682 | 2025-10-27 | Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform |
| CVE-2025-12247 | 2025-10-27 | Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path |
| CVE-2025-12248 | 2025-10-27 | CLTPHP search.html sql injection |
| CVE-2025-12249 | 2025-10-27 | Axosoft Scrum and Bug Tracking Edit Ticket csv injection |
| CVE-2025-12250 | 2025-10-27 | OpenWGA TMLScript API WGA.File path traversal |
| CVE-2025-12251 | 2025-10-27 | OpenWGA Admin UI cross site scripting |
| CVE-2025-12252 | 2025-10-27 | code-projects Online Event Judging System action.php sql injection |
| CVE-2025-46582 | 2025-10-27 | Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product |
| CVE-2025-12080 | 2025-10-27 | Intent Abuse in Google Messages for Wear OS for Silent Message Sending |
| CVE-2025-12253 | 2025-10-27 | AMTT Hotel Broadband Operation System get_expiredtime.php sql injection |
| CVE-2025-12254 | 2025-10-27 | code-projects Online Event Judging System add_judge.php sql injection |
| CVE-2025-12255 | 2025-10-27 | code-projects Online Event Judging System add_contestant.php sql injection |
| CVE-2025-46583 | 2025-10-27 | DOS Vulnerability in ZTE MC889A Pro product |
| CVE-2025-12256 | 2025-10-27 | code-projects Online Event Judging System edit_contestant.php sql injection |
| CVE-2025-12257 | 2025-10-27 | SourceCodester Online Student Result System view_result.php sql injection |
| CVE-2025-12258 | 2025-10-27 | TOTOLINK A3300R POST Parameter cstecgi.cg setOpModeCfg stack-based overflow |
| CVE-2025-12259 | 2025-10-27 | TOTOLINK A3300R POST Parameter cstecgi.cgi setScheduleCfg stack-based overflow |
| CVE-2025-12260 | 2025-10-27 | TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow |
| CVE-2025-12261 | 2025-10-27 | CodeAstro Gym Management System remove-announcement.php sql injection |
| CVE-2025-8432 | 2025-10-27 | CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON |
| CVE-2025-59459 | 2025-10-27 | Denial-of-service (DoS) via resource consumption |
| CVE-2025-59460 | 2025-10-27 | Unsecure access configuration |
| CVE-2025-59461 | 2025-10-27 | API does not require authentication |
| CVE-2025-59462 | 2025-10-27 | Denial-of-service (DoS) via delayed or missing client response |
| CVE-2025-59463 | 2025-10-27 | Denial-of-service (DoS) via chunk size mismatch |
| CVE-2025-12262 | 2025-10-27 | code-projects Online Event Judging System edit_criteria.php sql injection |
| CVE-2025-12263 | 2025-10-27 | code-projects Online Event Judging System edit_judge.php sql injection |
| CVE-2025-12264 | 2025-10-27 | Wisencode Create Support Ticket create cross site scripting |
| CVE-2025-12265 | 2025-10-27 | Tenda CH22 VirtualSer fromVirtualSer buffer overflow |
| CVE-2025-12266 | 2025-10-27 | Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection |
| CVE-2025-12267 | 2025-10-27 | abhicodebox ModernShop search cross site scripting |
| CVE-2025-11955 | 2025-10-27 | Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise |
| CVE-2025-12268 | 2025-10-27 | LearnHouse Course Thumbnail courses unrestricted upload |
| CVE-2025-12269 | 2025-10-27 | LearnHouse Account Setting previews cross site scripting |
| CVE-2025-41009 | 2025-10-27 | SQL injection on the virtual campus platform of Diseño de Recursos Educativos |
| CVE-2025-12270 | 2025-10-27 | LearnHouse Student Assignment Submission sub_file resource injection |
| CVE-2025-12271 | 2025-10-27 | Tenda CH22 RouteStatic fromRouteStatic buffer overflow |
| CVE-2025-12272 | 2025-10-27 | Tenda CH22 addressNat fromAddressNat buffer overflow |
| CVE-2025-12273 | 2025-10-27 | Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow |
| CVE-2025-12274 | 2025-10-27 | Tenda CH22 P2pListFilter fromP2pListFilter buffer overflow |
| CVE-2025-41067 | 2025-10-27 | Reachable Assertion vulnerability in Open5GS |
| CVE-2025-41068 | 2025-10-27 | Reachable Assertion vulnerability in Open5GS |
| CVE-2025-41384 | 2025-10-27 | Reflected Cross-Site Scripting (XSS) in SuiteCRM |
| CVE-2025-11248 | 2025-10-27 | Sensitive Information Logged |
| CVE-2025-12276 | 2025-10-27 | LearnHouse Image information disclosure |
| CVE-2025-12277 | 2025-10-27 | Abdullah-Hasan-Sajjad Online-School studentLogin.php sql injection |
| CVE-2025-12279 | 2025-10-27 | code-projects Client Details System welcome.php cross site scripting |
| CVE-2025-12280 | 2025-10-27 | code-projects Client Details System update-clients.php cross site scripting |
| CVE-2025-12281 | 2025-10-27 | code-projects Client Details System clientview.php cross site scripting |
| CVE-2025-12282 | 2025-10-27 | code-projects Client Details System manage-users.php cross site scripting |
| CVE-2025-50055 | 2025-10-27 | Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary... |
| CVE-2025-9164 | 2025-10-27 | Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows |
| CVE-2025-12283 | 2025-10-27 | code-projects Client Details System authorization |
| CVE-2025-12286 | 2025-10-27 | VeePN AVService avservice.exe unquoted search path |
| CVE-2025-12287 | 2025-10-27 | Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection |
| CVE-2025-12288 | 2025-10-27 | Bdtask Pharmacy Management System User Profile edit_user authorization |
| CVE-2025-34292 | 2025-10-27 | BeWelcome/Rox PHP Object Injection RCE |
| CVE-2025-26862 | 2025-10-27 | PingFederate unexpected browser flow initiation in redirectless mode |
| CVE-2025-36121 | 2025-10-27 | HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application |
| CVE-2025-12289 | 2025-10-27 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting |
| CVE-2025-12290 | 2025-10-27 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting |
| CVE-2025-12351 | 2025-10-27 | Inadequate access control measure allows unauthorized users to access restricted administrative functions |
| CVE-2025-10023 | 2025-10-27 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page |
| CVE-2025-34133 | 2025-10-27 | Wimi Teamwork < v7.38.17 CSRF |
| CVE-2025-12291 | 2025-10-27 | ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload |
| CVE-2025-12292 | 2025-10-27 | SourceCodester Point of Sales index.php sql injection |
| CVE-2025-12293 | 2025-10-27 | SourceCodester Point of Sales category.php sql injection |
| CVE-2025-12294 | 2025-10-27 | SourceCodester Point of Sales delete_category.php sql injection |
| CVE-2025-12295 | 2025-10-27 | D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification |
| CVE-2025-12296 | 2025-10-27 | D-Link DAP-2695 Firmware Update sub_4174B0 os command injection |
| CVE-2025-12297 | 2025-10-27 | atjiu pybbs UserApiController.java information disclosure |
| CVE-2025-12298 | 2025-10-27 | code-projects Simple Food Ordering System editcategory.php cross site scripting |