CVE List - 2025 / July
Showing 3701 - 3776 of 3776 CVEs for July 2025 (Page 38 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-5720 | 2025-07-31 | Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter |
| CVE-2025-8366 | 2025-07-31 | Portabilis i-Educar educar_servidor_lst.php cross site scripting |
| CVE-2025-8367 | 2025-07-31 | Portabilis i-Educar funcionario_vinculo_lst.php cross site scripting |
| CVE-2025-8368 | 2025-07-31 | Portabilis i-Educar pesquisa_pessoa_lst.php cross site scripting |
| CVE-2025-53558 | 2025-07-31 | ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. |
| CVE-2025-8369 | 2025-07-31 | Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting |
| CVE-2025-8370 | 2025-07-31 | Portabilis i-Educar educar_escolaridade_lst.php cross site scripting |
| CVE-2025-8371 | 2025-07-31 | code-projects Exam Form Submission update_s5.php sql injection |
| CVE-2025-54757 | 2025-07-31 | Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on... |
| CVE-2025-54752 | 2025-07-31 | Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file... |
| CVE-2025-46359 | 2025-07-31 | A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file. |
| CVE-2025-41396 | 2025-07-31 | A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user. |
| CVE-2025-7205 | 2025-07-31 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting |
| CVE-2025-41391 | 2025-07-31 | Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser. |
| CVE-2025-36563 | 2025-07-31 | Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser. |
| CVE-2025-8372 | 2025-07-31 | code-projects Exam Form Submission update_s7.php sql injection |
| CVE-2025-8373 | 2025-07-31 | code-projects Vehicle Management print.php sql injection |
| CVE-2025-8192 | 2025-07-31 | Race condition in AndroidTV TvSettings |
| CVE-2025-8374 | 2025-07-31 | code-projects Vehicle Management addcompany.php sql injection |
| CVE-2025-24853 | 2025-07-31 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing |
| CVE-2025-24854 | 2025-07-31 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin |
| CVE-2025-8375 | 2025-07-31 | code-projects Vehicle Management addvehicle.php sql injection |
| CVE-2025-8376 | 2025-07-31 | code-projects Vehicle Management updatebal.php sql injection |
| CVE-2025-40980 | 2025-07-31 | ddd |
| CVE-2025-8378 | 2025-07-31 | Campcodes Online Hotel Reservation System Login index.php sql injection |
| CVE-2025-41688 | 2025-07-31 | High Privilege RCE via LUA Sandbox Escape |
| CVE-2025-2813 | 2025-07-31 | HTTP Service DoS Vulnerability |
| CVE-2025-8379 | 2025-07-31 | Campcodes Online Hotel Reservation System edit_room.php unrestricted upload |
| CVE-2025-8380 | 2025-07-31 | Campcodes Online Hotel Reservation System add_query_account.php cross site scripting |
| CVE-2025-8151 | 2025-07-31 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions |
| CVE-2025-8401 | 2025-07-31 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure |
| CVE-2025-8068 | 2025-07-31 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions |
| CVE-2025-8381 | 2025-07-31 | Campcodes Online Hotel Reservation System add_reserve.php sql injection |
| CVE-2025-8382 | 2025-07-31 | Campcodes Online Hotel Reservation System edit_room.php sql injection |
| CVE-2025-8213 | 2025-07-31 | NinjaScanner – Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2025-54589 | 2025-07-31 | copyparty Reflected XSS via Filter Parameter |
| CVE-2025-8407 | 2025-07-31 | code-projects Vehicle Management filter2.php sql injection |
| CVE-2025-7738 | 2025-07-31 | Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap |
| CVE-2014-125125 | 2025-07-31 | A10 Networks AX Loadbalancer Path Traversal |
| CVE-2014-125121 | 2025-07-31 | Array Networks vAPV and vxAG Default Credential Privilege Escalation |
| CVE-2013-10043 | 2025-07-31 | Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE |
| CVE-2013-10036 | 2025-07-31 | Beetel Connection Manager NetConfig.ini Stack-Based Buffer Overflow |
| CVE-2013-10040 | 2025-07-31 | ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE |
| CVE-2012-10021 | 2025-07-31 | D-Link DIR-605L Captcha Handling Buffer Overflow |
| CVE-2013-10038 | 2025-07-31 | FlashChat Arbitrary File Upload RCE |
| CVE-2013-10042 | 2025-07-31 | freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow |
| CVE-2013-10039 | 2025-07-31 | GestioIP 3.0 ip_checkhost.cgi RCE |
| CVE-2013-10034 | 2025-07-31 | Kaseya < 6.3.0.2 uploadImage.asp Arbitrary File Upload RCE |
| CVE-2013-10033 | 2025-07-31 | Kimai 0.9.2 db_restore.php SQL Injection |
| CVE-2014-125123 | 2025-07-31 | Kloxo < 6.1.12 Unauthenticated SQL Injection RCE |
| CVE-2014-125122 | 2025-07-31 | Linksys WRT120N tmUnblock.cgi Stack-Based Buffer Overflow Admin Password Reset |
| CVE-2011-10008 | 2025-07-31 | MPlayer Lite r33064 M3U Stack-Based Buffer Overflow |
| CVE-2025-34146 | 2025-07-31 | nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS |
| CVE-2014-125124 | 2025-07-31 | Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection |
| CVE-2013-10035 | 2025-07-31 | ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution |
| CVE-2014-125126 | 2025-07-31 | Simple E-Document Arbitrary File Upload RCE |
| CVE-2013-10037 | 2025-07-31 | WebTester 5.x install2.php Unauthenticated Command Execution |
| CVE-2025-8408 | 2025-07-31 | code-projects Vehicle Management filter1.php sql injection |
| CVE-2025-46809 | 2025-07-31 | Multi Linux Manager exposes the plain text HTTP Proxy user:password in logs |
| CVE-2025-8409 | 2025-07-31 | code-projects Vehicle Management filter.php sql injection |
| CVE-2025-54832 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification |
| CVE-2025-54834 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration |
| CVE-2025-54833 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass |
| CVE-2025-8426 | 2025-07-31 | Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability |
| CVE-2025-37108 | 2025-07-31 | HPE Telco Service Activator, Protection Mechanism Failure |
| CVE-2025-37109 | 2025-07-31 | HPE Telco Service Activator, Protection Mechanism Failure |
| CVE-2025-8286 | 2025-07-31 | Güralp Systems FMUS Series and MIN Series Devices |
| CVE-2025-37110 | 2025-07-31 | Sensitive Credential Information stored insecurely in System Database |
| CVE-2025-37111 | 2025-07-31 | Hard-Coded Authentication Keys found in System |
| CVE-2025-37112 | 2025-07-31 | Hard-Coded Encryption Keys found in System |
| CVE-2025-48071 | 2025-07-31 | OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing |
| CVE-2025-48072 | 2025-07-31 | OpenEXR's Inaccurate Pointer Arithmetic can Cause an Out of Bounds Heap |
| CVE-2025-48073 | 2025-07-31 | OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode |
| CVE-2025-23289 | 2025-07-31 | NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy... |
| CVE-2023-32251 | 2025-07-31 | Kernel: ksmbd brute force delay bypass via asynchronous requests |
| CVE-2019-19144 | 2025-08-01 | XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate. |
| CVE-2019-19145 | 2025-08-01 | Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. |
| CVE-2023-44976 | 2025-08-01 | Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in... |
| CVE-2025-44139 | 2025-08-01 | Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip |
| CVE-2025-45150 | 2025-08-01 | Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request. |
| CVE-2025-45767 | 2025-08-01 | jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance... |
| CVE-2025-45778 | 2025-08-01 | A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description... |
| CVE-2025-46018 | 2025-08-01 | CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could... |
| CVE-2025-50460 | 2025-08-01 | A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an... |
| CVE-2025-50472 | 2025-08-01 | The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and... |
| CVE-2025-50868 | 2025-08-01 | A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries. |
| CVE-2025-50869 | 2025-08-01 | A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users... |
| CVE-2025-50870 | 2025-08-01 | Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information... |
| CVE-2025-51501 | 2025-08-01 | Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript. |
| CVE-2025-51502 | 2025-08-01 | Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users. |
| CVE-2025-51504 | 2025-08-01 | Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field. |
| CVE-2025-52327 | 2025-08-01 | SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file |
| CVE-2025-52361 | 2025-08-01 | Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script... |
| CVE-2025-52390 | 2025-08-01 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL... |
| CVE-2025-53399 | 2025-08-01 | In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except... |
| CVE-2025-54564 | 2025-08-01 | uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. |
| CVE-2025-54939 | 2025-08-01 | LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. |
| CVE-2025-8431 | 2025-08-01 | PHPGurukul Boat Booking System add-boat.php sql injection |
| CVE-2025-5954 | 2025-08-01 | Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation |
| CVE-2025-8433 | 2025-08-01 | code-projects Document Management System dell.php unlink path traversal |