CVE List - 2025 / October
Showing 4201 - 4280 of 4280 CVEs for October 2025 (Page 43 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6176 | 2025-10-31 | Brotli decompression bomb DoS in scrapy/scrapy |
| CVE-2025-11975 | 2025-10-31 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation |
| CVE-2025-11806 | 2025-10-31 | Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-58152 | 2025-10-31 | FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request,... |
| CVE-2025-54763 | 2025-10-31 | FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may... |
| CVE-2025-11191 | 2025-10-31 | RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST |
| CVE-2025-5397 | 2025-10-31 | Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass |
| CVE-2025-8489 | 2025-10-31 | King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation |
| CVE-2025-7846 | 2025-10-31 | WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function |
| CVE-2025-10897 | 2025-10-31 | WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read |
| CVE-2025-8385 | 2025-10-31 | Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read |
| CVE-2025-6520 | 2025-10-31 | SQLi in Abis Technology's BAPSIS |
| CVE-2025-12175 | 2025-10-31 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure |
| CVE-2025-12094 | 2025-10-31 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing |
| CVE-2025-8383 | 2025-10-31 | Depicter <= 4.0.4 - Cross-Site Request Forgery |
| CVE-2025-62232 | 2025-10-31 | Apache APISIX: basic-auth logs plaintext credentials at info level |
| CVE-2025-30188 | 2025-10-31 | Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads... |
| CVE-2025-30191 | 2025-10-31 | Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would... |
| CVE-2025-30189 | 2025-10-31 | When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent... |
| CVE-2025-12041 | 2025-10-31 | ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download |
| CVE-2025-12115 | 2025-10-31 | WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration |
| CVE-2025-40106 | 2025-10-31 | comedi: fix divide-by-zero in comedi_buf_munge() |
| CVE-2025-11843 | 2025-10-31 | Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data |
| CVE-2025-11602 | 2025-10-31 | Untargeted information leak in Bolt protocol handshake |
| CVE-2025-40603 | 2025-10-31 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. |
| CVE-2025-64350 | 2025-10-31 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability |
| CVE-2025-64351 | 2025-10-31 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-64352 | 2025-10-31 | WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability |
| CVE-2025-64353 | 2025-10-31 | WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability |
| CVE-2025-64354 | 2025-10-31 | WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64356 | 2025-10-31 | WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2025-64357 | 2025-10-31 | WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64358 | 2025-10-31 | WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2025-64359 | 2025-10-31 | WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability |
| CVE-2025-64360 | 2025-10-31 | WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-64361 | 2025-10-31 | WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64362 | 2025-10-31 | WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64363 | 2025-10-31 | WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability |
| CVE-2025-64364 | 2025-10-31 | WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability |
| CVE-2025-64365 | 2025-10-31 | WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64366 | 2025-10-31 | WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability |
| CVE-2025-64367 | 2025-10-31 | WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64368 | 2025-10-31 | WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-58147 | 2025-10-31 | x86: Incorrect input sanitisation in Viridian hypercalls |
| CVE-2025-58148 | 2025-10-31 | x86: Incorrect input sanitisation in Viridian hypercalls |
| CVE-2025-58149 | 2025-10-31 | Incorrect removal of permissions on PCI device unplug |
| CVE-2025-4952 | 2025-10-31 | Denial-of-service vulnerability in ESET security products for Windows |
| CVE-2024-13992 | 2025-10-31 | Nagios XI < 2024R1.1 XSS via Missing Page / 404 |
| CVE-2025-33003 | 2025-10-31 | IBM InfoSphere Information Server is vulnerable to privilege escalation |
| CVE-2025-36249 | 2025-10-31 | IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL |
| CVE-2025-64386 | 2025-10-31 | HIJACKING OF THE TOKEN AND GAINING ACCESS |
| CVE-2025-12521 | 2025-10-31 | Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure |
| CVE-2025-12460 | 2025-10-31 | Stored XSS vulnerability in Afterlogic Aurora webmail |
| CVE-2025-12501 | 2025-10-31 | Integer overflow in GameMaker IDE below 2024.14.0 version can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects... |
| CVE-2025-64387 | 2025-10-31 | CLICKJACKING |
| CVE-2025-64388 | 2025-10-31 | Denial of service through specific packets |
| CVE-2025-64389 | 2025-10-31 | EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT |
| CVE-2025-64385 | 2025-10-31 | INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES |
| CVE-2025-64168 | 2025-10-31 | Agno session state overwrites between different sessions/users |
| CVE-2025-12357 | 2025-10-31 | International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints |
| CVE-2025-12552 | 2025-10-31 | Insufficient Password Policy |
| CVE-2025-12553 | 2025-10-31 | Server Certificate Verification Disabled |
| CVE-2025-12507 | 2025-10-31 | Insecure service configuration – unquoted path |
| CVE-2025-12508 | 2025-10-31 | Unencrypted communication to Active Directory services |
| CVE-2025-12509 | 2025-10-31 | Scripts for the module Global_Shipping executable on BRAIN2 Server |
| CVE-2025-12554 | 2025-10-31 | Missing Security Headers |
| CVE-2025-6075 | 2025-10-31 | Quadratic complexity in os.path.expandvars() with user-controlled template |
| CVE-2025-59501 | 2025-10-31 | Microsoft Configuration Manager Spoofing Vulnerability |
| CVE-2025-62264 | 2025-10-31 | Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92... |
| CVE-2025-62267 | 2025-10-31 | Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35... |
| CVE-2025-62618 | 2025-10-31 | ELOG file upload stored XSS |
| CVE-2025-64348 | 2025-10-31 | ELOG configuration file authorization bypass |
| CVE-2025-64349 | 2025-10-31 | ELOG user profile missing authorization |
| CVE-2025-12546 | 2025-10-31 | LogicalDOC Community Edition API Key creation UI cross site scripting |
| CVE-2025-12547 | 2025-10-31 | LogicalDOC Community Edition Admin Login login.jsp excessive authentication |
| CVE-2025-10693 | 2025-10-31 | Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure |
| CVE-2025-60711 | 2025-10-31 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-12464 | 2025-10-31 | Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode |
| CVE-2025-62276 | 2025-10-31 | The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through... |
| CVE-2025-11816 | 2025-11-01 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to Unauthenticated API Disconnect |
| CVE-2025-11174 | 2025-11-01 | Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure |
| CVE-2025-11920 | 2025-11-01 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2025-11922 | 2025-11-01 | Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-62275 | 2025-11-01 | Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does... |
| CVE-2025-11833 | 2025-11-01 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure |
| CVE-2025-12367 | 2025-11-01 | SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update |
| CVE-2025-11928 | 2025-11-01 | CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-11377 | 2025-11-01 | List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure |
| CVE-2025-11995 | 2025-11-01 | Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-12118 | 2025-11-01 | Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema |
| CVE-2025-5949 | 2025-11-01 | Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password |
| CVE-2025-11927 | 2025-11-01 | Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12180 | 2025-11-01 | Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2025-12090 | 2025-11-01 | Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11983 | 2025-11-01 | WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure |
| CVE-2025-12038 | 2025-11-01 | Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion |
| CVE-2025-11740 | 2025-11-01 | wpForo Forum <= 2.4.9 - Authenticated (Subscriber+) SQL Injection |
| CVE-2025-11502 | 2025-11-01 | Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6574 | 2025-11-01 | Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover |
| CVE-2025-11499 | 2025-11-01 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload |