CVE List - 2025 / July
Showing 101 - 200 of 3776 CVEs for July 2025 (Page 2 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6686 | 2025-07-02 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode |
| CVE-2025-4654 | 2025-07-02 | Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion |
| CVE-2025-5817 | 2025-07-02 | Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery |
| CVE-2025-6437 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid |
| CVE-2025-5014 | 2025-07-02 | Home Villas \| Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2025-5339 | 2025-07-02 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via 'bsa_pro_id' |
| CVE-2024-11405 | 2025-07-02 | WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting |
| CVE-2025-6463 | 2025-07-02 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion |
| CVE-2025-52462 | 2025-07-02 | Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when... |
| CVE-2025-52463 | 2025-07-02 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted... |
| CVE-2025-6464 | 2025-07-02 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion |
| CVE-2024-13451 | 2025-07-02 | Contact Form by Bit Form <= 2.17.5 - Unauthenticated Sensitive Information Exposure |
| CVE-2025-6017 | 2025-07-02 | Rhacm: users with clusterreader role can see credentials from managed-clusters |
| CVE-2024-13786 | 2025-07-02 | Education Center \| LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection |
| CVE-2025-24328 | 2025-07-02 | OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network |
| CVE-2025-24329 | 2025-07-02 | OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN management network |
| CVE-2025-24330 | 2025-07-02 | OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network |
| CVE-2025-24331 | 2025-07-02 | Nokia Single RAN baseband OAM service extensive capabilities |
| CVE-2025-24332 | 2025-07-02 | Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication |
| CVE-2025-24333 | 2025-07-02 | Administrative user shell input validation fault |
| CVE-2025-24334 | 2025-07-02 | The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network |
| CVE-2025-24335 | 2025-07-02 | SOAP message input validation fault could in theory cause OAM service resource exhaustion |
| CVE-2025-27021 | 2025-07-02 | Operating System Misconfiguration in Infinera G42 |
| CVE-2025-27022 | 2025-07-02 | Path Traversal Vulnerability in Infinera G42 |
| CVE-2025-27023 | 2025-07-02 | Improper Input Validation in Infinera G42 |
| CVE-2025-4946 | 2025-07-02 | Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function |
| CVE-2025-2330 | 2025-07-02 | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget |
| CVE-2025-27024 | 2025-07-02 | Improper File Access in Infinera G42 |
| CVE-2025-27025 | 2025-07-02 | Improper File Access in Infinera G42 |
| CVE-2025-39362 | 2025-07-02 | WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-46647 | 2025-07-02 | Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect |
| CVE-2024-35164 | 2025-07-02 | Apache Guacamole: Improper input validation of console codes |
| CVE-2025-53106 | 2025-07-02 | Graylog vulnerable to privilege escalation through API tokens |
| CVE-2025-27026 | 2025-07-02 | Improper Access Control Granularity impacting Infinera G42 |
| CVE-2025-34057 | 2025-07-02 | Ruijie NBR Router Administrative Credential Disclosure |
| CVE-2025-34067 | 2025-07-02 | Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson |
| CVE-2025-34069 | 2025-07-02 | GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding |
| CVE-2025-34070 | 2025-07-02 | GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces |
| CVE-2025-34071 | 2025-07-02 | GFI Kerio Control Unsigned System Image Upload Root Code Execution |
| CVE-2025-34072 | 2025-07-02 | Anthropic Slack MCP Server Data Exfiltration via Link Unfurling |
| CVE-2025-34073 | 2025-07-02 | stamparm/maltrail <=0.54 Remote Command Execution |
| CVE-2025-49588 | 2025-07-02 | Linkwarden Local File Inclusion Vulnerability |
| CVE-2025-53006 | 2025-07-02 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability |
| CVE-2025-53494 | 2025-07-02 | Stored XSS in TwoColConflict |
| CVE-2025-53110 | 2025-07-02 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix |
| CVE-2025-53109 | 2025-07-02 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling |
| CVE-2025-53493 | 2025-07-02 | Stored XSS in MintyDocs |
| CVE-2025-6725 | 2025-07-02 | Cross-Site Scripting (XSS) in PdfViewer |
| CVE-2025-53492 | 2025-07-02 | Stored XSS in MintyDocs |
| CVE-2025-38091 | 2025-07-02 | drm/amd/display: check stream id dml21 wrapper to get plane_id |
| CVE-2025-38092 | 2025-07-02 | ksmbd: use list_first_entry_or_null for opinfo_get_list() |
| CVE-2025-38093 | 2025-07-02 | arm64: dts: qcom: x1e80100: Add GPU cooling |
| CVE-2025-53108 | 2025-07-02 | HomeBox Missing User Authorization |
| CVE-2025-52891 | 2025-07-02 | ModSecurity empty XML tag causes segmentation fault |
| CVE-2025-53358 | 2025-07-02 | kotaemon Vulnerable to Path Traversal via Link Upload |
| CVE-2025-6943 | 2025-07-02 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables. |
| CVE-2025-52886 | 2025-07-02 | Poppler Use After Free Vulnerability |
| CVE-2025-6942 | 2025-07-02 | The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another... |
| CVE-2025-53359 | 2025-07-02 | ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions |
| CVE-2025-20308 | 2025-07-02 | Cisco Spaces Connector Privilege Escalation Vulnerability |
| CVE-2025-20310 | 2025-07-02 | Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20307 | 2025-07-02 | Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability |
| CVE-2025-20309 | 2025-07-02 | Cisco Unified Communications Manager Static SSH Credentials Vulnerability |
| CVE-2025-52841 | 2025-07-02 | Laundry 2.3.0 - Account Takeover via CSRF |
| CVE-2025-49713 | 2025-07-02 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-34074 | 2025-07-02 | Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write |
| CVE-2025-34076 | 2025-07-02 | Microweber CMS Authenticated Local File Inclusion via Backup API |
| CVE-2025-34078 | 2025-07-02 | NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface |
| CVE-2025-34079 | 2025-07-02 | NSClient++ Authenticated Remote Code Execution via ExternalScripts API |
| CVE-2025-52559 | 2025-07-02 | Zulip XSS in digest preview URL |
| CVE-2025-43025 | 2025-07-02 | HP Universal Print Driver – Potential Denial of Service |
| CVE-2025-52842 | 2025-07-02 | Laundry 2.3.0 - Account Takeover via Reflected XSS |
| CVE-2025-43713 | 2025-07-03 | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services... |
| CVE-2025-45809 | 2025-07-03 | BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint. |
| CVE-2025-45938 | 2025-07-03 | Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross Site Scripting (XSS) via the Jira fullName parameter. |
| CVE-2025-49618 | 2025-07-03 | In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. |
| CVE-2025-50258 | 2025-07-03 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. |
| CVE-2025-50260 | 2025-07-03 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter. |
| CVE-2025-50262 | 2025-07-03 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. |
| CVE-2025-50263 | 2025-07-03 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter. |
| CVE-2025-5944 | 2025-07-03 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute |
| CVE-2024-9017 | 2025-07-03 | PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description |
| CVE-2025-38094 | 2025-07-03 | net: cadence: macb: Fix a possible deadlock in macb_halt_tx. |
| CVE-2025-38095 | 2025-07-03 | dma-buf: insert memory barrier before updating num_fences |
| CVE-2025-38096 | 2025-07-03 | wifi: iwlwifi: don't warn when if there is a FW error |
| CVE-2025-38097 | 2025-07-03 | espintcp: remove encap socket caching to avoid reference leak |
| CVE-2025-38098 | 2025-07-03 | drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink |
| CVE-2025-38099 | 2025-07-03 | Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken |
| CVE-2025-38100 | 2025-07-03 | x86/iopl: Cure TIF_IO_BITMAP inconsistencies |
| CVE-2025-38101 | 2025-07-03 | ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() |
| CVE-2025-38102 | 2025-07-03 | VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify |
| CVE-2025-38103 | 2025-07-03 | HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() |
| CVE-2025-38105 | 2025-07-03 | ALSA: usb-audio: Kill timer properly at removal |
| CVE-2025-38106 | 2025-07-03 | io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() |
| CVE-2025-38107 | 2025-07-03 | net_sched: ets: fix a race in ets_qdisc_change() |
| CVE-2025-38108 | 2025-07-03 | net_sched: red: fix a race in __red_change() |
| CVE-2025-38109 | 2025-07-03 | net/mlx5: Fix ECVF vports unload on shutdown flow |
| CVE-2025-38110 | 2025-07-03 | net/mdiobus: Fix potential out-of-bounds clause 45 read/write access |
| CVE-2025-38111 | 2025-07-03 | net/mdiobus: Fix potential out-of-bounds read/write access |
| CVE-2025-38112 | 2025-07-03 | net: Fix TOCTOU issue in sk_is_readable() |