CVE List - 2025 / October
Showing 4001 - 4100 of 4280 CVEs for October 2025 (Page 41 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-12475 | 2025-10-30 | Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-62231 | 2025-10-30 | Xorg: xwayland: value overflow in xkbsetcompatmap() |
| CVE-2025-62230 | 2025-10-30 | Xorg: xwayland: use-after-free in xkb client resource removal |
| CVE-2025-11627 | 2025-10-30 | Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning |
| CVE-2025-10008 | 2025-10-30 | Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion |
| CVE-2025-62229 | 2025-10-30 | Xorg: xwayland: use-after-free in xpresentnotify structure creation |
| CVE-2025-10636 | 2025-10-30 | NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS |
| CVE-2025-11881 | 2025-10-30 | AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure |
| CVE-2025-11906 | 2025-10-30 | Privilege escalation via writable configuration files in Progress Flowmon |
| CVE-2025-62503 | 2025-10-30 | Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables) |
| CVE-2025-62402 | 2025-10-30 | Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API |
| CVE-2025-54470 | 2025-10-30 | NeuVector telemetry sender is vulnerable to MITM and DoS |
| CVE-2025-54469 | 2025-10-30 | NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow |
| CVE-2025-54941 | 2025-10-30 | Apache Airflow: Command injection in "example_dag_decorator" |
| CVE-2025-54471 | 2025-10-30 | NeuVector is shipping cryptographic material into its binary |
| CVE-2025-40086 | 2025-10-30 | drm/xe: Don't allow evicting of BOs in same VM in array of VM binds |
| CVE-2025-40087 | 2025-10-30 | NFSD: Define a proc_layoutcommit for the FlexFiles layout type |
| CVE-2025-40088 | 2025-10-30 | hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() |
| CVE-2025-40089 | 2025-10-30 | cxl/features: Add check for no entries in cxl_feature_info |
| CVE-2025-40090 | 2025-10-30 | ksmbd: fix recursive locking in RPC handle list access |
| CVE-2025-40091 | 2025-10-30 | ixgbe: fix too early devlink_free() in ixgbe_remove() |
| CVE-2025-40092 | 2025-10-30 | usb: gadget: f_ncm: Refactor bind path to use __free() |
| CVE-2025-40093 | 2025-10-30 | usb: gadget: f_ecm: Refactor bind path to use __free() |
| CVE-2025-40094 | 2025-10-30 | usb: gadget: f_acm: Refactor bind path to use __free() |
| CVE-2025-40095 | 2025-10-30 | usb: gadget: f_rndis: Refactor bind path to use __free() |
| CVE-2025-40096 | 2025-10-30 | drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies |
| CVE-2025-40097 | 2025-10-30 | ALSA: hda: Fix missing pointer check in hda_component_manager_init function |
| CVE-2025-40098 | 2025-10-30 | ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() |
| CVE-2025-40099 | 2025-10-30 | cifs: parse_dfs_referrals: prevent oob on malformed input |
| CVE-2025-40100 | 2025-10-30 | btrfs: do not assert we found block group item when creating free space tree |
| CVE-2025-40101 | 2025-10-30 | btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST |
| CVE-2025-40102 | 2025-10-30 | KVM: arm64: Prevent access to vCPU events before init |
| CVE-2025-40103 | 2025-10-30 | smb: client: Fix refcount leak for cifs_sb_tlink |
| CVE-2025-40104 | 2025-10-30 | ixgbevf: fix mailbox API compatibility by negotiating supported features |
| CVE-2025-40105 | 2025-10-30 | vfs: Don't leak disconnected dentries on umount |
| CVE-2025-53880 | 2025-10-30 | susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal |
| CVE-2025-39663 | 2025-10-30 | Cross Site Scripting through compromised remote site |
| CVE-2025-53883 | 2025-10-30 | spacewalk-java has various XSS issues on search page |
| CVE-2025-10317 | 2025-10-30 | Multiple Cross-Site Request Forgery in Quick.Cart |
| CVE-2025-10348 | 2025-10-30 | Stored Cross-Site Scripting in URVE Smart Office |
| CVE-2025-43941 | 2025-10-30 | Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-43940 | 2025-10-30 | Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-43939 | 2025-10-30 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-43027 | 2025-10-30 | A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The... |
| CVE-2025-46423 | 2025-10-30 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-46422 | 2025-10-30 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-5342 | 2025-10-30 | Denial of Service (DoS) |
| CVE-2025-43942 | 2025-10-30 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-5343 | 2025-10-30 | Stored XSS |
| CVE-2025-5347 | 2025-10-30 | Stored XSS |
| CVE-2025-46363 | 2025-10-30 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API... |
| CVE-2025-36592 | 2025-10-30 | Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20, 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with... |
| CVE-2025-12515 | 2025-10-30 | Systemic Internal Server Errors - HTTP 500 Response |
| CVE-2025-12516 | 2025-10-30 | Lack of Graceful Error Handling - HTTP 5xx Error |
| CVE-2025-12517 | 2025-10-30 | Credits Page not Matching Versions in Use in the Firmware |
| CVE-2025-11998 | 2025-10-30 | HP Card Readers (B Models) – Potential Information Disclosure |
| CVE-2025-62712 | 2025-10-30 | JumpServer Connection Token Leak Vulnerability |
| CVE-2025-62726 | 2025-10-30 | n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook |
| CVE-2025-62795 | 2025-10-30 | JumpServer Unauthorized LDAP Configuration Access via WebSocket |
| CVE-2025-64096 | 2025-10-30 | CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check |
| CVE-2025-12060 | 2025-10-30 | Keras keras.utils.get_file Utility Path Traversal Vulnerability |
| CVE-2025-64116 | 2025-10-30 | Movary vulnerable to an open redirect |
| CVE-2025-62266 | 2025-10-30 | By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older... |
| CVE-2025-64115 | 2025-10-30 | Movary unvalidated Referer header allows open redirect and phishing |
| CVE-2025-64112 | 2025-10-30 | Statamic vulnerable to Stored Cross-Site Scripting |
| CVE-2025-64118 | 2025-10-30 | node-tar vulnerable to race condition leading to uninitialized memory exposure |
| CVE-2025-62265 | 2025-10-30 | Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through... |
| CVE-2025-36137 | 2025-10-30 | IBM Sterling Connect:Direct for UNIX command execution |
| CVE-2025-3355 | 2025-10-30 | IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations |
| CVE-2025-3356 | 2025-10-30 | IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations |
| CVE-2025-8850 | 2025-10-30 | Insecure API Design in danny-avila/librechat |
| CVE-2021-4461 | 2025-10-30 | Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass |
| CVE-2023-7325 | 2025-10-30 | Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF |
| CVE-2023-7312 | 2025-10-30 | Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail |
| CVE-2023-53690 | 2025-10-30 | Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS |
| CVE-2023-53689 | 2025-10-30 | Nagios Fusion < 4.2.0 License Information Reflected XSS |
| CVE-2018-25119 | 2025-10-30 | Nagios Fusion < 4.1.5 XSS via fusionwindow Parameter |
| CVE-2017-20209 | 2025-10-30 | Nagios Fusion < 4.0.1 XSS via Users/Servers Page |
| CVE-2025-34270 | 2025-10-30 | Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated |
| CVE-2025-34271 | 2025-10-30 | Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext |
| CVE-2016-15049 | 2025-10-30 | Nagios Log Server < 1.4.2 Dashboards Logs Table XSS |
| CVE-2023-7322 | 2025-10-30 | Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access |
| CVE-2025-34274 | 2025-10-30 | Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges |
| CVE-2024-58273 | 2025-10-30 | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root |
| CVE-2025-34273 | 2025-10-30 | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion |
| CVE-2025-34272 | 2025-10-30 | Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback |
| CVE-2025-34277 | 2025-10-30 | Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID |
| CVE-2025-34298 | 2025-10-30 | Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation |
| CVE-2020-36858 | 2025-10-30 | Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages |
| CVE-2023-7323 | 2025-10-30 | Nagios Log Server < 2024R1 XSS via Create User Function |
| CVE-2023-7321 | 2025-10-30 | Nagios Log Server < 2.1.14 XSS via Snapshots Page |
| CVE-2025-34280 | 2025-10-30 | Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certificate Removal Function |
| CVE-2025-34278 | 2025-10-30 | Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS |
| CVE-2023-7319 | 2025-10-30 | Nagios Network Analyzer < 2024R1 XSS via Percentile Calculator Menu |
| CVE-2024-13999 | 2025-10-30 | Nagios XI < 2024R1.1.3 AD/LDAP Token Authenticated Information Disclosure |
| CVE-2024-13994 | 2025-10-30 | Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization |
| CVE-2025-34283 | 2025-10-30 | Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes |
| CVE-2024-13995 | 2025-10-30 | Nagios XI < 2024R1.1.2 API Keys & Hashed Passwords Authenticated Information Disclosure |
| CVE-2025-34284 | 2025-10-30 | Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin |
| CVE-2024-14002 | 2025-10-30 | Nagios XI < 2024R1.1.4 Authenticated Local File Inclusion via NagVis |