CVE List - 2025 / July
Showing 3601 - 3700 of 3776 CVEs for July 2025 (Page 37 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-8320 | 2025-07-30 | Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2025-8292 | 2025-07-30 | Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-8322 | 2025-07-30 | Ventem\|e-School - Missing Authorization |
| CVE-2025-8323 | 2025-07-30 | Ventem\|e-School - Arbitrary File Upload |
| CVE-2025-38498 | 2025-07-30 | do_change_type(): refuse to operate on unmounted/not ours mounts |
| CVE-2025-1221 | 2025-07-30 | DoS in Zigbee device due to heavy traffic |
| CVE-2025-1394 | 2025-07-30 | Denial of Service (DoS) and memory leak vulnerabilities in Zigbee library |
| CVE-2025-6348 | 2025-07-30 | Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter |
| CVE-2025-47001 | 2025-07-30 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-8326 | 2025-07-30 | code-projects Exam Form Submission delete_s7.php sql injection |
| CVE-2025-54388 | 2025-07-30 | Moby's Firewalld reload makes published container ports accessible from remote hosts |
| CVE-2025-54410 | 2025-07-30 | Moby's Firewalld reload removes bridge network isolation |
| CVE-2025-54425 | 2025-07-30 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key |
| CVE-2025-54430 | 2025-07-30 | dedupe is vulnerable to secret exfiltration via `issue_comment` |
| CVE-2025-54572 | 2025-07-30 | Ruby SAML DOS vulnerability with large SAML response |
| CVE-2025-52567 | 2025-07-30 | GLPI has overly permissive URL verification |
| CVE-2025-52897 | 2025-07-30 | GLPI is vulnerable to XSS and open redirection attacks through planning feature |
| CVE-2025-53008 | 2025-07-30 | GLPI's MailCollector Receiver is vulnerable to credential exfiltration |
| CVE-2025-53111 | 2025-07-30 | GLPI exposes data to non-allowed users |
| CVE-2025-53112 | 2025-07-30 | GLPI's incomprehensive permission checks can lead to data removal from allowed users |
| CVE-2025-53113 | 2025-07-30 | GLPI technicians can access unauthorized information through external links |
| CVE-2025-53357 | 2025-07-30 | GLPI permits reservation modification by unauthorized users |
| CVE-2025-46811 | 2025-07-30 | SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint |
| CVE-2025-53944 | 2025-07-30 | AutoGPT Platform Exposes Graph Execution Results via Authorization Gap |
| CVE-2025-54433 | 2025-07-30 | Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion |
| CVE-2025-43018 | 2025-07-30 | Certain HP LaserJet Pro Printers – Potential Information Disclosure |
| CVE-2025-54573 | 2025-07-30 | CVAT vulnerable to email verification bypass by use of basic authentication |
| CVE-2023-2593 | 2025-07-30 | Kernel: ksmbd memory exhaustion denial-of-service vulnerability |
| CVE-2025-54656 | 2025-07-30 | Apache Struts Extras: Improper Output Neutralization for Logs |
| CVE-2025-8353 | 2025-07-30 | UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups... |
| CVE-2025-8312 | 2025-07-30 | Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the... |
| CVE-2025-36611 | 2025-07-30 | Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this... |
| CVE-2025-8327 | 2025-07-30 | code-projects Exam Form Submission delete_s8.php sql injection |
| CVE-2025-30105 | 2025-07-30 | Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.... |
| CVE-2025-26332 | 2025-07-30 | TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this... |
| CVE-2025-30480 | 2025-07-30 | Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability... |
| CVE-2025-8328 | 2025-07-30 | code-projects Exam Form Submission register.php sql injection |
| CVE-2025-36608 | 2025-07-30 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability,... |
| CVE-2025-36609 | 2025-07-30 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation... |
| CVE-2025-30103 | 2025-07-30 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... |
| CVE-2025-8329 | 2025-07-30 | code-projects Vehicle Management filter3.php sql injection |
| CVE-2025-8330 | 2025-07-30 | code-projects Vehicle Management edit1.php sql injection |
| CVE-2025-54576 | 2025-07-30 | OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion |
| CVE-2024-48916 | 2025-07-30 | Ceph is vulnerable to authentication bypass through RadosGW |
| CVE-2025-54575 | 2025-07-30 | ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks |
| CVE-2025-54581 | 2025-07-30 | vproxy is vulnerable to a divide by zero DoS attack |
| CVE-2025-54583 | 2025-07-30 | GitProxy bypasses approvals when pushing multiple branches |
| CVE-2025-54584 | 2025-07-30 | GitProxy is vulnerable to a packfile parsing exploit |
| CVE-2025-8331 | 2025-07-30 | code-projects Online Farm System forgot_pass.php sql injection |
| CVE-2025-54585 | 2025-07-30 | GitProxy is vulnerable to a new branch approval exploit |
| CVE-2025-8332 | 2025-07-30 | code-projects Online Farm System register.php sql injection |
| CVE-2025-8333 | 2025-07-30 | code-projects Online Farm System categoryvalue.php sql injection |
| CVE-2025-54586 | 2025-07-30 | GitProxy is susceptible to a hidden commits injection attack |
| CVE-2025-8334 | 2025-07-30 | Campcodes Online Recruitment Management System ajax.php sql injection |
| CVE-2025-8335 | 2025-07-30 | code-projects Simple Car Rental System cross-site request forgery |
| CVE-2025-8336 | 2025-07-30 | Campcodes Online Recruitment Management System ajax.php sql injection |
| CVE-2025-8337 | 2025-07-30 | code-projects Simple Car Rental System add_vehicles.php cross site scripting |
| CVE-2025-49083 | 2025-07-30 | Data deserialization vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 |
| CVE-2025-8338 | 2025-07-30 | projectworlds Online Admission System adminac.php sql injection |
| CVE-2025-49084 | 2025-07-30 | Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 |
| CVE-2025-54085 | 2025-07-30 | Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 |
| CVE-2025-49082 | 2025-07-30 | Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 |
| CVE-2025-36039 | 2025-07-30 | IBM Aspera Faspex bypass security |
| CVE-2025-36040 | 2025-07-30 | IBM Aspera Faspex session fixation |
| CVE-2024-34327 | 2025-07-31 | Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form. |
| CVE-2024-34328 | 2025-07-31 | An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL. |
| CVE-2025-26062 | 2025-07-31 | An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings. |
| CVE-2025-26063 | 2025-07-31 | An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network. |
| CVE-2025-26064 | 2025-07-31 | A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of... |
| CVE-2025-29556 | 2025-07-31 | ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the... |
| CVE-2025-29557 | 2025-07-31 | ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials,... |
| CVE-2025-45768 | 2025-07-31 | pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library... |
| CVE-2025-45769 | 2025-07-31 | php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by... |
| CVE-2025-45770 | 2025-07-31 | jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by... |
| CVE-2025-50270 | 2025-07-31 | A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title,... |
| CVE-2025-50475 | 2025-07-31 | An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network... |
| CVE-2025-50572 | 2025-07-31 | An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed... |
| CVE-2025-50847 | 2025-07-31 | Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3 allows attackers to add products to a user's comparison list via a crafted HTTP request. |
| CVE-2025-50848 | 2025-07-31 | A file upload vulnerability discovered in CS Cart 4.18.3 allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in... |
| CVE-2025-50849 | 2025-07-31 | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this... |
| CVE-2025-50850 | 2025-07-31 | An issue was discovered in CS Cart 4.18.3: the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically... |
| CVE-2025-50866 | 2025-07-31 | CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in... |
| CVE-2025-50867 | 2025-07-31 | A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. |
| CVE-2025-51383 | 2025-07-31 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. |
| CVE-2025-51384 | 2025-07-31 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. |
| CVE-2025-51385 | 2025-07-31 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter. |
| CVE-2025-51503 | 2025-07-31 | A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers. |
| CVE-2025-51569 | 2025-07-31 | A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into... |
| CVE-2025-52203 | 2025-07-31 | A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can... |
| CVE-2025-52289 | 2025-07-31 | A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status from "pending"... |
| CVE-2025-8339 | 2025-07-31 | code-projects Intern Membership Management System student_login.php sql injection |
| CVE-2025-8340 | 2025-07-31 | code-projects Intern Membership Management System Error Message fill_details.php cross site scripting |
| CVE-2025-8343 | 2025-07-31 | openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal |
| CVE-2025-8344 | 2025-07-31 | openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload |
| CVE-2025-8345 | 2025-07-31 | Shanghai Lingdang Information Technology Lingdang CRM yunzhijiaApi.php delete_user sql injection |
| CVE-2025-8346 | 2025-07-31 | Portabilis i-Educar educar_aluno_lst.php cross site scripting |
| CVE-2025-8347 | 2025-07-31 | Kehua Charging Pile Cloud Platform findAllTask sql injection |
| CVE-2025-8348 | 2025-07-31 | Kehua Charging Pile Cloud Platform home improper authentication |
| CVE-2025-8365 | 2025-07-31 | Portabilis i-Educar atendidos_cad.php cross site scripting |
| CVE-2025-7847 | 2025-07-31 | AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload |