CVE List - 2025 / July
Showing 3401 - 3500 of 3776 CVEs for July 2025 (Page 35 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54767 | 2025-07-28 | KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service |
| CVE-2025-54768 | 2025-07-28 | KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information |
| CVE-2025-54769 | 2025-07-28 | KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal |
| CVE-2024-42644 | 2025-07-29 | FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0. |
| CVE-2024-42645 | 2025-07-29 | An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS). |
| CVE-2024-42651 | 2025-07-29 | NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message. |
| CVE-2024-42655 | 2025-07-29 | An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. |
| CVE-2024-43018 | 2025-07-29 | Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is... |
| CVE-2025-28170 | 2025-07-29 | Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. |
| CVE-2025-28171 | 2025-07-29 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. |
| CVE-2025-28172 | 2025-07-29 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually... |
| CVE-2025-44136 | 2025-07-29 | MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an... |
| CVE-2025-44137 | 2025-07-29 | MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating... |
| CVE-2025-45346 | 2025-07-29 | SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request. |
| CVE-2025-46059 | 2025-07-29 | langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted... |
| CVE-2025-50738 | 2025-07-29 | The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically... |
| CVE-2025-51044 | 2025-07-29 | phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter. |
| CVE-2025-51045 | 2025-07-29 | Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter. |
| CVE-2025-51970 | 2025-07-29 | A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. |
| CVE-2025-52284 | 2025-07-29 | Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a... |
| CVE-2025-52358 | 2025-07-29 | A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error... |
| CVE-2025-52490 | 2025-07-29 | An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. |
| CVE-2025-7810 | 2025-07-29 | StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7809 | 2025-07-29 | StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-7811 | 2025-07-29 | StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6495 | 2025-07-29 | Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter |
| CVE-2025-3075 | 2025-07-29 | Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-4566 | 2025-07-29 | Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget |
| CVE-2025-4370 | 2025-07-29 | Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2025-53649 | 2025-07-29 | "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed... |
| CVE-2025-8264 | 2025-07-29 | Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username... |
| CVE-2025-53077 | 2025-07-29 | An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability. |
| CVE-2025-53078 | 2025-07-29 | Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system |
| CVE-2025-53079 | 2025-07-29 | Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files |
| CVE-2025-53080 | 2025-07-29 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem |
| CVE-2025-53081 | 2025-07-29 | An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. |
| CVE-2025-53082 | 2025-07-29 | An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. |
| CVE-2025-26400 | 2025-07-29 | SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability |
| CVE-2025-8216 | 2025-07-29 | Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-6730 | 2025-07-29 | Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success |
| CVE-2025-8196 | 2025-07-29 | Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes |
| CVE-2025-6681 | 2025-07-29 | Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2025-7689 | 2025-07-29 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function |
| CVE-2025-6692 | 2025-07-29 | YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter |
| CVE-2025-5587 | 2025-07-29 | Appzend <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter |
| CVE-2025-40682 | 2025-07-29 | SQL injection vulnerability in Human Resource Management System |
| CVE-2025-40683 | 2025-07-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System |
| CVE-2025-40684 | 2025-07-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System |
| CVE-2025-40685 | 2025-07-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System |
| CVE-2025-40686 | 2025-07-29 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System |
| CVE-2025-6175 | 2025-07-29 | CRLF Injection in DECE Software's Geodi |
| CVE-2025-41241 | 2025-07-29 | Denial-of-service vulnerability |
| CVE-2025-6060 | 2025-07-29 | XSS in DECE Software's Geodi |
| CVE-2025-7458 | 2025-07-29 | SQLite integer overflow in key info allocation may lead to information disclosure. |
| CVE-2025-54422 | 2025-07-29 | Sandboxie exposes encrypted sandbox key during password change |
| CVE-2025-6504 | 2025-07-29 | Possibilities of IP Spoofing via X-Forwarded-For (XFF) Header |
| CVE-2025-6505 | 2025-07-29 | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources,... |
| CVE-2025-31965 | 2025-07-29 | HCL BigFix Remote Control is affected by an authorization bypass vulnerability |
| CVE-2025-5922 | 2025-07-29 | Retrievable password hash protecting TSplus admin console |
| CVE-2025-2179 | 2025-07-29 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App |
| CVE-2025-27514 | 2025-07-29 | GLPI is susceptible to Stored XSS attack through project's kanban |
| CVE-2025-2533 | 2025-07-29 | IBM Db2 for Linux denial of service |
| CVE-2025-2928 | 2025-07-29 | SQL Injection affecting the Archiver role. |
| CVE-2025-5038 | 2025-07-29 | X_T File Parsing Memory Corruption Vulnerability |
| CVE-2025-5043 | 2025-07-29 | 3DM File Parsing Heap-Based Overflow Vulnerability |
| CVE-2025-6631 | 2025-07-29 | PRT File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-6635 | 2025-07-29 | PRT File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-6636 | 2025-07-29 | PRT File Parsing Use-After-Free Vulnerability |
| CVE-2025-6637 | 2025-07-29 | PRT File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-7497 | 2025-07-29 | PRT File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-53711 | 2025-07-29 | TP-Link TL-WR841N WlanNetworkRpm.htm buffer overflow |
| CVE-2025-7675 | 2025-07-29 | 3DM File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-53712 | 2025-07-29 | TP-Link TL-WR841N WlanNetworkRpm_AP.htm buffer overflow |
| CVE-2025-53713 | 2025-07-29 | TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow |
| CVE-2025-53714 | 2025-07-29 | TP-Link TL-WR841N WzdWlanSiteSurveyRpm_AP.htm buffer overflow |
| CVE-2025-53715 | 2025-07-29 | TP-Link TL-WR841N Wan6to4TunnelCfgRpm.htm buffer overflow |
| CVE-2025-36010 | 2025-07-29 | IBM Db2 for Linux denial of service |
| CVE-2025-36071 | 2025-07-29 | IBM Db2 denial of service |
| CVE-2025-33092 | 2025-07-29 | IBM Db2 for Linux code execution |
| CVE-2025-33114 | 2025-07-29 | IBM Db2 for Linux denial of service |
| CVE-2024-52894 | 2025-07-29 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2024-51473 | 2025-07-29 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2024-49828 | 2025-07-29 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2025-52899 | 2025-07-29 | Tuleap vulnerable to user enumeration via the lost password form |
| CVE-2025-53102 | 2025-07-29 | Discourse's WebAuthn challenge isn't cleared from user session after authentication |
| CVE-2025-53541 | 2025-07-29 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact |
| CVE-2025-53902 | 2025-07-29 | Tuleap exposes artifacts to a mentioned user via email notifications |
| CVE-2025-5684 | 2025-07-29 | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element |
| CVE-2025-40600 | 2025-07-29 | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. |
| CVE-2025-4674 | 2025-07-29 | Unexpected command execution in untrusted VCS repositories in cmd/go |
| CVE-2025-7361 | 2025-07-29 | Code Injection Vulnerability in NI LabVIEW when using CIN nodes |
| CVE-2025-7848 | 2025-07-29 | Missing input check in lvpict.cpp used in NI LabVIEW |
| CVE-2025-7849 | 2025-07-29 | Memory Corruption Issue in NI LabVIEW due to improper error handling |
| CVE-2025-54126 | 2025-07-29 | WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified |
| CVE-2025-54381 | 2025-07-29 | BentoML is Vulnerable to an SSRF Attack Through File Upload Processing |
| CVE-2025-43223 | 2025-07-29 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS... |
| CVE-2025-43274 | 2025-07-29 | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2025-43235 | 2025-07-29 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause a denial-of-service. |
| CVE-2025-43184 | 2025-07-29 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.4. A shortcut may be... |
| CVE-2025-43254 | 2025-07-29 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. Processing a maliciously crafted file may lead... |