CVE List - 2025 / July
Showing 1 - 100 of 3776 CVEs for July 2025 (Page 1 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-45081 | 2025-07-01 | Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data. |
| CVE-2025-45083 | 2025-07-01 | Incorrect access control in Ullu (Android version v2.9.929 and iOS version v2.8.0) allows attackers to bypass the parental PIN feature via unspecified vectors. |
| CVE-2025-45872 | 2025-07-01 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. |
| CVE-2025-50404 | 2025-07-01 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the... |
| CVE-2025-50405 | 2025-07-01 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function. |
| CVE-2025-50641 | 2025-07-01 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. |
| CVE-2025-52101 | 2025-07-01 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then... |
| CVE-2025-52294 | 2025-07-01 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance. |
| CVE-2025-6936 | 2025-07-01 | code-projects Simple Pizza Ordering System addpro.php sql injection |
| CVE-2025-6937 | 2025-07-01 | code-projects Simple Pizza Ordering System large.php sql injection |
| CVE-2025-53005 | 2025-07-01 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability |
| CVE-2025-36056 | 2025-07-01 | IBM System Storage Virtualization Engine TS7700 cross-site scripting |
| CVE-2025-2141 | 2025-07-01 | IBM System Storage Virtualization Engine TS7700 cross-site scripting |
| CVE-2025-53003 | 2025-07-01 | Janssen Config API returns results without scope verification |
| CVE-2025-6938 | 2025-07-01 | code-projects Simple Pizza Ordering System editcus.php sql injection |
| CVE-2025-53096 | 2025-07-01 | Sunshine clickjacking in the UI leads to unauthorized actions being performed |
| CVE-2025-53095 | 2025-07-01 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator |
| CVE-2024-46992 | 2025-07-01 | Electron ASAR Integrity bypass by just modifying the content |
| CVE-2024-46993 | 2025-07-01 | Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath |
| CVE-2025-6939 | 2025-07-01 | TOTOLINK A3002RU HTTP POST Request formWlSiteSurvey buffer overflow |
| CVE-2024-49365 | 2025-07-01 | tiny-secp256k1 allows for verify() bypass when running in bundled environment |
| CVE-2024-49364 | 2025-07-01 | tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment |
| CVE-2025-6940 | 2025-07-01 | TOTOLINK A702R HTTP POST Request formParentControl buffer overflow |
| CVE-2025-5967 | 2025-07-01 | A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of... |
| CVE-2025-6081 | 2025-07-01 | Pass-back attack in Konica Minolta bizhub 227 multifunctional printers |
| CVE-2025-6934 | 2025-07-01 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' |
| CVE-2025-41656 | 2025-07-01 | Pilz: Missing Authentication in Node-RED integration |
| CVE-2025-41648 | 2025-07-01 | Pilz: Authentication Bypass in IndustrialPI Webstatus |
| CVE-2025-5072 | 2025-07-01 | Resource leaks in cm |
| CVE-2025-6756 | 2025-07-01 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode |
| CVE-2025-49489 | 2025-07-01 | Resource leaks in cm |
| CVE-2025-49490 | 2025-07-01 | Resource leaks in router |
| CVE-2025-49491 | 2025-07-01 | Resource leaks in traffic_stat |
| CVE-2025-6224 | 2025-07-01 | Key leakage in juju/utils certificates |
| CVE-2025-49492 | 2025-07-01 | Out-of-bounds write in lte-telephony |
| CVE-2025-49488 | 2025-07-01 | Resource leaks in router |
| CVE-2025-49480 | 2025-07-01 | Out-of-bounds access in lte-telephony |
| CVE-2025-49481 | 2025-07-01 | Resource leaks in router |
| CVE-2025-5314 | 2025-07-01 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' |
| CVE-2025-49482 | 2025-07-01 | Resource leaks in tr069 |
| CVE-2025-49483 | 2025-07-01 | Resource leaks in tr069 |
| CVE-2025-6951 | 2025-07-01 | SAFECAM X300 FTP Service default credentials |
| CVE-2025-6952 | 2025-07-01 | Open5GS AMF Service amf-sm.c amf_state_operational assertion |
| CVE-2025-36582 | 2025-07-01 | Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to... |
| CVE-2025-6920 | 2025-07-01 | Ai-inference-server: authentication bypass via unprotected inference endpoint in api |
| CVE-2025-49029 | 2025-07-01 | WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability |
| CVE-2025-6953 | 2025-07-01 | TOTOLINK A3002RU HTTP POST Request formParentControl buffer overflow |
| CVE-2025-6954 | 2025-07-01 | Campcodes Employee Management System applyleave.php sql injection |
| CVE-2025-6955 | 2025-07-01 | Campcodes Employee Management System aprocess.php sql injection |
| CVE-2025-6956 | 2025-07-01 | Campcodes Employee Management System changepassemp.php sql injection |
| CVE-2025-37097 | 2025-07-01 | A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service |
| CVE-2025-6957 | 2025-07-01 | Campcodes Employee Management System eprocess.php sql injection |
| CVE-2025-6958 | 2025-07-01 | Campcodes Employee Management System edit.php sql injection |
| CVE-2025-37098 | 2025-07-01 | A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
| CVE-2025-34050 | 2025-07-01 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery |
| CVE-2025-34051 | 2025-07-01 | AVTECH DVR Devices Server-Side Request Forgery |
| CVE-2025-34053 | 2025-07-01 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation |
| CVE-2025-34054 | 2025-07-01 | AVTECH DVR Devices Unauthenticated Command Injection |
| CVE-2025-34055 | 2025-07-01 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution |
| CVE-2025-34056 | 2025-07-01 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution |
| CVE-2025-34065 | 2025-07-01 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path |
| CVE-2025-34066 | 2025-07-01 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure |
| CVE-2025-34058 | 2025-07-01 | Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read |
| CVE-2025-34059 | 2025-07-01 | Dahua Smart Cloud Gateway Registration Management Platform SQL Injection |
| CVE-2025-34060 | 2025-07-01 | Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery |
| CVE-2025-34062 | 2025-07-01 | OneLogin AD Connector API Credential and Signing Key Exposure |
| CVE-2025-34063 | 2025-07-01 | OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key |
| CVE-2025-34064 | 2025-07-01 | OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage |
| CVE-2025-53099 | 2025-07-01 | Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation |
| CVE-2025-6959 | 2025-07-01 | Campcodes Employee Management System eloginwel.php sql injection |
| CVE-2025-6960 | 2025-07-01 | Campcodes Employee Management System empproject.php sql injection |
| CVE-2025-6961 | 2025-07-01 | Campcodes Employee Management System mark.php sql injection |
| CVE-2025-6962 | 2025-07-01 | Campcodes Employee Management System myprofileup.php sql injection |
| CVE-2025-6963 | 2025-07-01 | Campcodes Employee Management System myprofile.php sql injection |
| CVE-2025-6297 | 2025-07-01 | dpkg-deb: Fix cleanup for control member with restricted directories |
| CVE-2025-37099 | 2025-07-01 | A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
| CVE-2025-53100 | 2025-07-01 | RestDB's Codehooks.io MCP Server Vulnerable to Command Injection |
| CVE-2025-34080 | 2025-07-01 | CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting |
| CVE-2025-53107 | 2025-07-01 | @cyanheads/git-mcp-server vulnerable to command injection in several tools |
| CVE-2025-34081 | 2025-07-01 | CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info |
| CVE-2025-53103 | 2025-07-01 | JUnit OpenTestReportGeneratingListener can leak Git credentials |
| CVE-2025-53104 | 2025-07-01 | gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow |
| CVE-2025-27153 | 2025-07-01 | Escalade GLPI Plugin Vulnerable to Improper Access Control |
| CVE-2025-48379 | 2025-07-01 | Pillow Vulnerable to Write Buffer Overflow on BCn encoding |
| CVE-2025-6600 | 2025-07-01 | GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API |
| CVE-2025-46259 | 2025-07-01 | WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability |
| CVE-2025-49741 | 2025-07-01 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2025-36630 | 2025-07-01 | Local Privilege Escalation |
| CVE-2025-45029 | 2025-07-02 | WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi. |
| CVE-2025-45424 | 2025-07-02 | Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. |
| CVE-2025-45813 | 2025-07-02 | ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials. |
| CVE-2025-45814 | 2025-07-02 | Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack. |
| CVE-2025-52925 | 2025-07-02 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. |
| CVE-2025-5692 | 2025-07-02 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-4689 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution |
| CVE-2025-4381 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection |
| CVE-2025-6459 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate |
| CVE-2025-6687 | 2025-07-02 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode |
| CVE-2025-4380 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion |
| CVE-2025-5746 | 2025-07-02 | Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload |