CVE List - 2025 / August
Showing 1401 - 1500 of 3631 CVEs for August 2025 (Page 15 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5477 | 2025-08-13 | A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information... |
| CVE-2025-8920 | 2025-08-13 | Portabilis i-Diario Dicionário de Termos BNCC dicionario-de-termos-bncc cross site scripting |
| CVE-2025-8921 | 2025-08-13 | code-projects Job Diary user-apply.php sql injection |
| CVE-2025-8922 | 2025-08-13 | code-projects Job Diary admin-inbox.php sql injection |
| CVE-2025-8923 | 2025-08-13 | code-projects Job Diary edit-details.php sql injection |
| CVE-2025-8924 | 2025-08-13 | Campcodes Online Water Billing System viewbill.php sql injection |
| CVE-2025-8925 | 2025-08-13 | itsourcecode Sports Management System match.php sql injection |
| CVE-2025-8926 | 2025-08-13 | SourceCodester COVID 19 Testing Management System login.php sql injection |
| CVE-2025-8927 | 2025-08-13 | mtons mblog Verification Code send_code excessive authentication |
| CVE-2012-10055 | 2025-08-13 | ComSndFTP v1.3.7 Beta USER Format String RCE |
| CVE-2011-10015 | 2025-08-13 | Cytel Studio <= 9.0 .CY3 File Stack Buffer Overflow |
| CVE-2012-10059 | 2025-08-13 | Dolibarr ERP/CRM Post-Auth OS Command Injection |
| CVE-2011-10014 | 2025-08-13 | GTA SA-MP server.cfg Buffer Overflow |
| CVE-2012-10057 | 2025-08-13 | Lattice Semiconductor ispVM System 18.0.2 XCF File Handling Buffer Overflow |
| CVE-2011-10018 | 2025-08-13 | myBB 1.6.4 Backdoor Arbitrary Command Execution |
| CVE-2011-10012 | 2025-08-13 | NetOp Remote Control Client 9.5 .dws File Buffer Overflow |
| CVE-2012-10056 | 2025-08-13 | PHP Volunteer Management System 1.0.2 Arbitrary File Upload |
| CVE-2011-10010 | 2025-08-13 | QuickShare File Server 1.2.1 Path Traversal RCE |
| CVE-2012-10058 | 2025-08-13 | RabidHamster R4 Log Entry sprintf() Buffer Overflow |
| CVE-2011-10016 | 2025-08-13 | Real Networks Netzip Classic 7.5.1.86 File Parsing Buffer Overflow |
| CVE-2011-10009 | 2025-08-13 | S40 CMS 0.4.2 Path Traversal |
| CVE-2011-10017 | 2025-08-13 | Snort Report nmap.php/nbtscan.php RCE |
| CVE-2011-10019 | 2025-08-13 | Spreecommerce < 0.60.2 Search Parameter RCE |
| CVE-2012-10060 | 2025-08-13 | Sysax Multi Server < 5.55 SSH Username Buffer Overflow |
| CVE-2011-10013 | 2025-08-13 | Traq 2.0–2.3 admincp/common.php RCE |
| CVE-2012-10054 | 2025-08-13 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE |
| CVE-2011-10011 | 2025-08-13 | WeBid 1.0.2 converter.php Remote PHP Code Injection |
| CVE-2025-34154 | 2025-08-13 | UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read |
| CVE-2025-8928 | 2025-08-13 | code-projects Medical Store Management System Update Medicines UpdateMedicines.java sql injection |
| CVE-2025-8929 | 2025-08-13 | code-projects Medical Store Management System MainPanel.java sql injection |
| CVE-2025-55193 | 2025-08-13 | Active Record logging vulnerable to ANSI escape injection |
| CVE-2025-55194 | 2025-08-13 | Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload |
| CVE-2025-55196 | 2025-08-13 | External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access |
| CVE-2025-55197 | 2025-08-13 | pypdf's Manipulated FlateDecode streams can exhaust RAM |
| CVE-2025-55199 | 2025-08-13 | Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion |
| CVE-2025-55198 | 2025-08-13 | Helm May Panic Due To Incorrect YAML Content |
| CVE-2023-43683 | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters. |
| CVE-2023-43687 | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack... |
| CVE-2023-43692 | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes. |
| CVE-2023-43694 | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues... |
| CVE-2024-53945 | 2025-08-14 | The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root... |
| CVE-2024-53946 | 2025-08-14 | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user... |
| CVE-2025-27845 | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. |
| CVE-2025-27846 | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. |
| CVE-2025-27847 | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. |
| CVE-2025-43983 | 2025-08-14 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password),... |
| CVE-2025-43984 | 2025-08-14 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows... |
| CVE-2025-50515 | 2025-08-14 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. |
| CVE-2025-50518 | 2025-08-14 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object,... |
| CVE-2025-50817 | 2025-08-14 | A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py,... |
| CVE-2025-50861 | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to... |
| CVE-2025-50862 | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user... |
| CVE-2025-51965 | 2025-08-14 | OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering... |
| CVE-2025-51986 | 2025-08-14 | An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet. |
| CVE-2025-52335 | 2025-08-14 | EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. |
| CVE-2025-8930 | 2025-08-14 | code-projects Medical Store Management System Update Company UpdateCompany.java sql injection |
| CVE-2025-8931 | 2025-08-14 | code-projects Medical Store Management System ChangePassword.java sql injection |
| CVE-2025-8932 | 2025-08-14 | 1000 Projects Sales Management System sales.php sql injection |
| CVE-2025-8933 | 2025-08-14 | 1000 Projects Sales Management System sales.php cross site scripting |
| CVE-2025-8934 | 2025-08-14 | 1000 Projects Sales Management System sales.php cross site scripting |
| CVE-2025-8935 | 2025-08-14 | 1000 Projects Sales Management System custcmp.php sql injection |
| CVE-2025-8936 | 2025-08-14 | 1000 Projects Sales Management System dordupdate.php sql injection |
| CVE-2025-8937 | 2025-08-14 | TOTOLINK N350R formSysCmd command injection |
| CVE-2024-7402 | 2025-08-14 | Netskope Client Configuration Tampering with Local MITM |
| CVE-2025-5941 | 2025-08-14 | Out-of-Bounds Read Vulnerability in Netskope Client |
| CVE-2025-0309 | 2025-08-14 | Netskope Client Local Elevation of Privileges |
| CVE-2025-5942 | 2025-08-14 | Heap Overflow in Netskope Endpoint DLP Driver |
| CVE-2025-8938 | 2025-08-14 | TOTOLINK N350R Telnet Service formSysTel backdoor |
| CVE-2025-8939 | 2025-08-14 | Tenda AC20 WifiGuestSet buffer overflow |
| CVE-2025-8940 | 2025-08-14 | Tenda AC20 saveParentControlInfo strcpy buffer overflow |
| CVE-2025-3414 | 2025-08-14 | Structured Content < 1.7.0 - Contributor Stored XSS |
| CVE-2025-6790 | 2025-08-14 | QSM < 10.2.3 - Template Creation via CSRF |
| CVE-2025-7808 | 2025-08-14 | WP Shopify < 1.5.4 - Reflected XSS |
| CVE-2025-8046 | 2025-08-14 | Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] |
| CVE-2025-8946 | 2025-08-14 | projectworlds Online Notes Sharing Platform login.php sql injection |
| CVE-2025-8947 | 2025-08-14 | projectworlds Visitor Management System query_data.php sql injection |
| CVE-2025-8948 | 2025-08-14 | projectworlds Visitor Management System front.php sql injection |
| CVE-2025-8949 | 2025-08-14 | D-Link DIR-825 httpd ping_response.cgi get_ping_app_stat stack-based overflow |
| CVE-2025-27388 | 2025-08-14 | Arbitrary URL Loading in WebView Leading to Token Leakage Risk |
| CVE-2025-8950 | 2025-08-14 | Campcodes Online Recruitment Management System index.php sql injection |
| CVE-2025-8951 | 2025-08-14 | PHPGurukul Teachers Record Management System search.php sql injection |
| CVE-2025-8952 | 2025-08-14 | Campcodes Online Flight Booking Management System Login ajax.php sql injection |
| CVE-2025-5998 | 2025-08-14 | PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API |
| CVE-2025-8953 | 2025-08-14 | SourceCodester COVID 19 Testing Management System check_availability.php sql injection |
| CVE-2025-8954 | 2025-08-14 | PHPGurukul Hospital Management System doctor-specilization.php sql injection |
| CVE-2025-54472 | 2025-08-14 | Apache bRPC: Redis Parser Remote Denial of Service |
| CVE-2025-48860 | 2025-08-14 | A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with... |
| CVE-2025-48861 | 2025-08-14 | A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and... |
| CVE-2025-48862 | 2025-08-14 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However,... |
| CVE-2025-8955 | 2025-08-14 | PHPGurukul Hospital Management System edit-doctor.php sql injection |
| CVE-2025-55346 | 2025-08-14 | Unintended dynamic code execution leads to remote code execution by network attackers |
| CVE-2025-8047 | 2025-08-14 | Multiple Plugins from itayamar - Supply Chain Compromise |
| CVE-2025-8943 | 2025-08-14 | Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers |
| CVE-2025-7761 | 2025-08-14 | Reflected XSS in Lepszy BIP |
| CVE-2025-8956 | 2025-08-14 | D-Link DIR‑818L ssdpcgi cgibin getenv command injection |
| CVE-2025-8957 | 2025-08-14 | Campcodes Online Flight Booking Management System flights.php sql injection |
| CVE-2025-52823 | 2025-08-14 | WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability |
| CVE-2025-52820 | 2025-08-14 | WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability |
| CVE-2025-52806 | 2025-08-14 | WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability |
| CVE-2025-52801 | 2025-08-14 | WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability |